[pkg-gnupg-maint] Bug#852608: gnupg-agent: double-free in gpg-agent during heavily concurrent use
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Jan 25 14:59:47 UTC 2017
Package: gnupg-agent
Version: 2.1.17-2
Severity: grave
Justification: renders package unusable
Control: fixed -1 2.1.18-2
There is a crash in gpg-agent under heavily concurrent use.
See:
https://lists.gnupg.org/pipermail/gnupg-devel/2017-January/032499.html
This is reproducible on debian with:
export GNUPGHOME=$(mktemp -d)
gpg --passphrase abc123 --quick-gen-key test at example.org
gpgconf --kill gpg-agent
gpg -d < test.asc ## give the agent the passphrase
gpg-connect-agent 'getinfo pid' /bye
for i in $(seq 1 20); do
gpg2 -d < test.asc &
done
wait
gpg-connect-agent 'getinfo pid' /bye
It's fixed with the upload of 2.1.18-2.
--dkg
-- System Information:
Debian Release: 9.0
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages gnupg-agent depends on:
ii libassuan0 2.4.3-2
ii libc6 2.24-8
ii libgcrypt20 1.7.5-2
ii libgpg-error0 1.26-2
ii libnpth0 1.3-1
ii libreadline7 7.0-1
ii pinentry-curses [pinentry] 1.0.0-1
ii pinentry-gnome3 [pinentry] 1.0.0-1
ii pinentry-gtk2 [pinentry] 1.0.0-1
ii pinentry-qt [pinentry] 1.0.0-1
ii pinentry-tty [pinentry] 1.0.0-1
Versions of packages gnupg-agent recommends:
ii gnupg 2.1.17-2
ii gpgsm 2.1.17-2
Versions of packages gnupg-agent suggests:
ii scdaemon 2.1.17-2
-- no debconf information
More information about the pkg-gnupg-maint
mailing list