[Pkg-gnupg-maint] Bug#771263: Bug#771263: gnupg buffer overflow
NIIBE Yutaka
gniibe at fsij.org
Mon Jan 19 04:34:04 UTC 2015
On 01/18/2015 07:19 PM, Frederik Himpe wrote:
> It looks like I'm hitting exactly the same issue:
> Jan 18 09:19:49 Error: ===== Begin GnuPG log =====
> Jan 18 09:19:49 Error: *** buffer overflow detected ***: gpg terminated
> Jan 18 09:19:49 Error: ======= Backtrace: =========
Thank you for your information. I wonder if you have a reproducible
configuration which causes this error.

If so, I think that it's good to redirect this bug report to
duplicity.
> As a buffer overflow is also a potential security issue, I'm not sure it
> is a good idea to just ignore this bug.
Thank you for your kindness.

This bug in GnuPG is *not* ignored, but has been triaged and identified
with the reproducible script of mine.

The message "*** buffer overflow detected ***" comes from the hardened GNU C
library, and it means that it successfully stops exploitation of the buffer
overflow. Ideally, it should be detected by the application program
(GnuPG in this case), though.
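An added illustration of the point in the message above, that the application should detect the condition itself rather than leave it to the hardened C library. This is not code from GnuPG, glibc or this thread; the record layout, `FIELD_MAX`, `parse_field` and `check_sample` are hypothetical, and the sample inputs are constructed. A fortified `memcpy` only knows the destination size, so the application check also covers the source bound and returns an error instead of terminating the process.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 16  /* hypothetical destination capacity */

enum field_status { FIELD_OK = 0, FIELD_TRUNCATED = -1, FIELD_TOO_LONG = -2 };

/* Parse one constructed record: a 1-byte length followed by that many
 * data bytes. Both bounds are checked before any byte is copied:
 *  - the declared length must fit in the remaining input (no over-read,
 *    which a destination-size check alone would not notice), and
 *  - it must fit in the destination (the condition a fortified memcpy
 *    would catch only at run time, by aborting the process). */
static int parse_field(const uint8_t *in, size_t in_len,
                       uint8_t *out, size_t out_size, size_t *out_len)
{
    if (in_len < 1)
        return FIELD_TRUNCATED;
    size_t n = in[0];
    if (n > in_len - 1)
        return FIELD_TRUNCATED;   /* declared length exceeds the input */
    if (n > out_size)
        return FIELD_TOO_LONG;    /* would overflow the destination */
    memcpy(out, in + 1, n);
    *out_len = n;
    return FIELD_OK;
}

/* Constructed sample inputs (not taken from the bug report). */
static const uint8_t sample_ok[]     = { 3, 'a', 'b', 'c' };
static const uint8_t sample_long[21] = { 20 };          /* 20 > FIELD_MAX */
static const uint8_t sample_short[]  = { 5, 'x', 'y' }; /* claims 5, has 2 */

/* Run the parser against a fixed-size local buffer and return its status. */
int check_sample(const uint8_t *in, size_t in_len)
{
    uint8_t field[FIELD_MAX];
    size_t len = 0;
    return parse_field(in, in_len, field, sizeof field, &len);
}

int main(void)
{
    printf("ok=%d long=%d short=%d\n",
           check_sample(sample_ok, sizeof sample_ok),
           check_sample(sample_long, sizeof sample_long),
           check_sample(sample_short, sizeof sample_short));
    return 0;
}
```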