]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 3e0ac73) | patch
gnupg: CVE-2013-4351
authorMing Liu <ming.liu@windriver.com>
Wed, 26 Mar 2014 08:32:12 +0000 (16:32 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Wed, 26 Mar 2014 12:15:11 +0000 (12:15 +0000)
commit259aebc9dbcaeb1587aaaab849942f55fa321724
treec43eaee38259be93e380a541ba516a8805a44ef9tree | snapshot
parent3e0ac7357a962e3ef6595d21ec4843b078a764ddcommit | diff
gnupg: CVE-2013-4351

GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits
cleared (no usage permitted) as if it has all bits set (all usage permitted),
which might allow remote attackers to bypass intended cryptographic protection
mechanisms by leveraging the subkey.

Signed-off-by: Ming Liu <ming.liu@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch [new file with mode: 0644] blob
meta/recipes-support/gnupg/gnupg_1.4.7.bb diff | blob | history
Mirror of the official openembedded-core repository