diff options
Diffstat (limited to 'g10/ChangeLog')
| -rw-r--r-- | g10/ChangeLog | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 193bf7b08..ebf49c329 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,18 @@ +2006-12-07 Werner Koch <[email protected]> + + * encr-data.c: Allocate DFX context on the heap and not on the + stack. Changes at several places. Fixes CVE-2006-6235. + + * openfile.c (ask_outfile_name): Fixed buffer overflow occurring + if make_printable_string returns a longer string. Fixes bug 728. + + * parse-packet.c (parse_user_id): Cap the user ID size at 2048 + bytes. This prevents a memory allocation attack with a very large + user ID. A very large packet length could even cause the + allocation (a u32) to wrap around to a small number. Noted by + Evgeny Legerov on full-disclosure. + (parse_comment): Likewise. + 2005-02-21 Werner Koch <[email protected]> * seckey-cert.c (do_check): Detect card diversion protection. |