[Pkg-gnupg-maint] Bug#771263: Bug#771263: gnupg buffer overflow

NIIBE Yutaka gniibe at fsij.org
Mon Jan 19 04:34:04 UTC 2015

On 01/18/2015 07:19 PM, Frederik Himpe wrote:
> It looks like I'm hitting exactly the same issue:
> Jan 18 09:19:49 Error: ===== Begin GnuPG log =====
> Jan 18 09:19:49 Error: *** buffer overflow detected ***: gpg terminated
> Jan 18 09:19:49 Error: ======= Backtrace: =========

Thank you for your information.  I wonder if you have a reproducible
configuration which causes this error.

If so, I think that it's good to redirect this bug report to

> As a buffer overflow is also a potential security issue, I'm not sure it
> is a good idea to just ignore this bug.

Thank you for your kindness.

This bug in GnuPG is *not* ignored, but has been triaged and identified
with my reproducible script.

The message "*** buffer overflow detected ***" is from the hardened GNU C
library, and it means that it successfully stops exploitation of the buffer
overflow.  Ideally, it should be detected by the application program
(GnuPG in this case), though.
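
An added example, not part of the original message and not GnuPG code: the difference between an overflow caught by the application and one caught by the hardened C library. The helper `copy_checked`, the status names and the 16-byte field are hypothetical; the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum copy_status { COPY_OK = 0, COPY_TOO_LONG = -1, COPY_BAD_ARG = -2 };

/* Hypothetical helper: the application checks the length itself and returns
   an error it can handle. Without this check, a glibc build with
   _FORTIFY_SOURCE would abort the process inside memcpy with
   "*** buffer overflow detected ***" when the destination size is known. */
static enum copy_status
copy_checked(unsigned char *dst, size_t dst_size,
             const unsigned char *src, size_t len)
{
    if (dst == NULL || src == NULL)
        return COPY_BAD_ARG;
    if (len > dst_size)              /* reject before any byte is written */
        return COPY_TOO_LONG;
    memcpy(dst, src, len);
    return COPY_OK;
}

/* Constructed input: a 24-byte value offered to a 16-byte field. */
int demo_oversized(void)
{
    unsigned char field[16], input[24];
    memset(field, 0xAA, sizeof field);
    memset(input, 0x41, sizeof input);
    enum copy_status st = copy_checked(field, sizeof field, input, sizeof input);
    for (size_t i = 0; i < sizeof field; i++)
        if (field[i] != 0xAA)        /* rejected input must not touch dst */
            return 1;
    return st;
}

/* Constructed input: an exact-fit 16-byte value. Returns 0 if copied intact. */
int demo_fits(void)
{
    unsigned char field[16], input[16];
    memset(field, 0, sizeof field);
    memset(input, 0x42, sizeof input);
    enum copy_status st = copy_checked(field, sizeof field, input, sizeof input);
    return (st == COPY_OK && memcmp(field, input, sizeof field) == 0) ? 0 : 1;
}

int main(void)
{
    printf("oversized input -> %d (COPY_TOO_LONG)\n", demo_oversized());
    printf("exact-fit input -> %d (0 = copied intact)\n", demo_fits());
    return 0;
}
```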
