Launchpad.net

CVE 2015-1607

kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."

Related bugs and status

CVE-2015-1607 (Candidate) is related to these bugs:

Bug #1409117: GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM

		In	Importance	Status
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg2 (Ubuntu)	Undecided	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg (Ubuntu)	Undecided	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg (Debian)	Unknown	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	GnuPG	Unknown	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg (Ubuntu Precise)	Wishlist	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg2 (Ubuntu Precise)	Wishlist	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg (Ubuntu Utopic)	Wishlist	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg2 (Ubuntu Utopic)	Undecided	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg (Ubuntu Lucid)	Wishlist	Won't Fix
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg2 (Ubuntu Lucid)	Wishlist	Won't Fix
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg (Ubuntu Vivid)	Undecided	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg2 (Ubuntu Vivid)	Undecided	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg (Ubuntu Trusty)	Wishlist	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg2 (Ubuntu Trusty)	Wishlist	Fix Released

Bug #1421640: "gpg2 --refresh-keys" results in "rejected by import filter"

		In	Importance	Status
1421640	"gpg2 --refresh-keys" results in "rejected by import filter"	gnupg2 (Ubuntu)	Undecided	Fix Released
1421640	"gpg2 --refresh-keys" results in "rejected by import filter"	gnupg2 (Ubuntu Vivid)	Undecided	Fix Released
1421640	"gpg2 --refresh-keys" results in "rejected by import filter"	gnupg2 (Ubuntu Utopic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-1607

Related bugs and status

Related bugs

References