[Bug 890123] New: gpgme 1.5.1 Fixes possible overflow in gpgsm and uiserver engines
https://bugzilla.novell.com/show_bug.cgi?id=890123

https://bugzilla.novell.com/show_bug.cgi?id=890123#c0

           Summary: gpgme 1.5.1 Fixes possible overflow in gpgsm and uiserver engines
    Classification: openSUSE
           Product: openSUSE 13.1
           Version: Final
          Platform: All
        OS/Version: openSUSE 13.1
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
        AssignedTo: security-team@suse.de
        ReportedBy: Andreas.Stieger@gmx.de
         QAContact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0

From http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=blob;f=NEWS;h=0ea405ba...

Noteworthy changes in version 1.5.1 (2014-07-30) [C24/A13/R0]
-------------------------------------------------------------

 * Fixed possible overflow in gpgsm and uiserver engines.
   [CVE-2014-3564]

 * Added support for GnuPG 2.1's --with-secret option.

 * Interface changes relative to the 1.5.0 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 GPGME_KEYLIST_MODE_WITH_SECRET NEW.

Reproducible: Didn't try

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=890123#c

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Alias|                            |CVE-2014-3564

https://bugzilla.novell.com/show_bug.cgi?id=890123#c

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://bugzilla.redhat.com/show_bug.cgi?id=1113267

https://bugzilla.novell.com/show_bug.cgi?id=890123#c1

--- Comment #1 from Andreas Stieger <Andreas.Stieger@gmx.de> 2014-08-03 21:48:31 UTC ---

Patch for CVE-2014-3564:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc...

https://bugzilla.novell.com/show_bug.cgi?id=890123#c2

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
         AssignedTo|security-team@suse.de       |Andreas.Stieger@gmx.de

--- Comment #2 from Andreas Stieger <Andreas.Stieger@gmx.de> 2014-08-03 22:05:00 UTC ---

Created an attachment (id=600820)
 --> (http://bugzilla.novell.com/attachment.cgi?id=600820)
patch for this issue

applies back to at least 1.3.2 (openSUSE 12.3)

https://bugzilla.novell.com/show_bug.cgi?id=890123#c3

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5 - None                   |P3 - Medium
             Status|ASSIGNED                    |NEEDINFO
                 CC|                            |security-team@suse.de,
                   |                            |vcizek@suse.com
       InfoProvider|                            |security-team@suse.de

--- Comment #3 from Andreas Stieger <Andreas.Stieger@gmx.de> 2014-08-03 22:10:09 UTC ---

1.5.1 for Base:System / gpgme:
https://build.opensuse.org/request/show/243547

Maintenance request with patch openSUSE 12.3 and 13.1:
https://build.opensuse.org/request/show/243548

Please review.
SLE certainly affected, cc bugowner.

https://bugzilla.novell.com/show_bug.cgi?id=890123#c4

--- Comment #4 from Vitezslav Cizek <vcizek@suse.com> 2014-08-05 12:07:07 CEST ---

Thanks Andreas,
All SLE gpgme packages are indeed affected.

https://bugzilla.novell.com/show_bug.cgi?id=890123#c

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |ASSIGNED
       InfoProvider|security-team@suse.de       |
         AssignedTo|Andreas.Stieger@gmx.de      |security-team@suse.de

https://bugzilla.novell.com/show_bug.cgi?id=890123#c5

--- Comment #5 from Andreas Stieger <Andreas.Stieger@gmx.de> 2014-08-07 18:34:43 UTC ---

Announcement:
http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000350.html

* Noteworthy changes in version 1.4.4 (2014-07-30)
  - Fixed possible overflow in gpgsm and uiserver engines.
    [CVE-2014-3564]
  - Fixed possible segv in gpgme_op_card_edit.
  - Fixed minor memleaks and possible zombie processes.
  - Fixed prototype inconsistencies and void pointer arithmetic.

They made a maintenance release for gpgme 1.4.x (openSUSE 13.1), propose straight update there.
https://build.opensuse.org/request/show/243910

https://bugzilla.novell.com/show_bug.cgi?id=890123#c

Swamp Workflow Management <swamp@suse.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Status Whiteboard|                            |obs:running:2947:moderate

https://bugzilla.novell.com/show_bug.cgi?id=890123#c

Swamp Workflow Management <swamp@suse.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Status Whiteboard|obs:running:2947:moderate   |

https://bugzilla.novell.com/show_bug.cgi?id=890123#c6

--- Comment #6 from Swamp Workflow Management <swamp@suse.de> 2014-08-20 07:05:25 UTC ---

openSUSE-SU-2014:1039-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 890123
CVE References: CVE-2014-3564
Sources used:
openSUSE 13.1 (src):    gpgme-1.4.4-2.4.1
openSUSE 12.3 (src):    gpgme-1.3.2-2.4.1

https://bugzilla.novell.com/show_bug.cgi?id=890123#c

Marcus Meissner <meissner@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|gpgme 1.5.1 Fixes possible  |VUL-0: CVE-2014-3564: gpgme
                   |overflow in gpgsm and       |1.5.1 Fixes possible
                   |uiserver engines            |overflow in gpgsm and
                   |                            |uiserver engines