Debian Long Term Support / LTS Security Information / 2014 / Security Information -- DLA-39-1 gpgme1.0

Debian Security Advisory

DLA-39-1 gpgme1.0 -- LTS security update

Date Reported:

20 Aug 2014

Affected Packages:

gpgme1.0

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 756651.
In Mitre's CVE dictionary: CVE-2014-3564.

More information:

Tomas Trnka discovered a heap-based buffer overflow within the gpgsm status handler of GPGME, a library designed to make access to GnuPG easier for applications. An attacker could use this issue to cause an application using GPGME to crash (denial of service) or possibly to execute arbitrary code.

For Debian 6 Squeeze, these issues have been fixed in gpgme1.0 version 1.2.0-1.2+deb6u1