CVE-2015-1606

Priority
Description
The keyring DB in GnuPG before 2.1.2 does not properly handle invalid
packets, which allows remote attackers to cause a denial of service
(invalid read and use-after-free) via a crafted keyring file.
Notes
Package
Source: gnupg (LP Ubuntu Debian)
Upstream: released (1.4.18-7)
Ubuntu 14.04 ESM (Trusty Tahr): released (1.4.16-1ubuntu2.3)
Patches:
Upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=81d3e541326e94d26a953aa70afc3cb149d11ebe
Package
Upstream: released (2.0.27, 2.0.26-5)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was released [2.0.22-3ubuntu1.3])
Patches:
Upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648 (trunk)
Upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=824d88ac51b4d680f06e68f0879a7c1ec03cb2ba (2.0)
More Information

Updated: 2020-09-10 04:39:08 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)