PublicDate: 2008-03-27 23:44:00 UTC
Candidate: CVE-2008-1530
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1530
Description:
 GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of
 service (crash) and possibly execute arbitrary code via crafted duplicate
 keys that are imported from key servers, which triggers "memory corruption
 around deduplication of user IDs."
Ubuntu-Description:
Notes:
 jdstrand> verified all ubuntu releases not affected (amd64 kvm)
 jdstrand> upcoming 1.4.9 and 2.0.9 will have fix
Bugs:
 http://bugs.g10code.com/gnupg/issue894
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_gnupg:
upstream_gnupg: not-affected (1.4.9)
dapper_gnupg: not-affected (1.4.2.2-1ubuntu2.5)
edgy_gnupg: not-affected (1.4.3-2ubuntu3.3)
feisty_gnupg: not-affected (1.4.6-1ubuntu2)
gutsy_gnupg: not-affected (1.4.6-2ubuntu4)
devel_gnupg: not-affected (1.4.6-2ubuntu5)

Patches_gnupg2:
upstream_gnupg2: not-affected (2.0.9)
dapper_gnupg2: not-affected (1.9.19-2)
edgy_gnupg2: not-affected (1.9.21-0ubuntu5.3)
feisty_gnupg2: not-affected (2.0.3-1ubuntu1)
gutsy_gnupg2: not-affected (2.0.4-1ubuntu3)
devel_gnupg2: not-affected (2.0.7-1)