Launchpad.net

CVE 2015-1606

The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.

Related bugs and status

CVE-2015-1606 (Candidate) is related to these bugs:

Bug #1409117: GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM

		In	Importance	Status
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg2 (Ubuntu)	Undecided	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg (Ubuntu)	Undecided	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg (Debian)	Unknown	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	GnuPG	Unknown	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg (Ubuntu Precise)	Wishlist	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg2 (Ubuntu Precise)	Wishlist	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg (Ubuntu Utopic)	Wishlist	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg2 (Ubuntu Utopic)	Undecided	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg (Ubuntu Lucid)	Wishlist	Won't Fix
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg2 (Ubuntu Lucid)	Wishlist	Won't Fix
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg (Ubuntu Vivid)	Undecided	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg2 (Ubuntu Vivid)	Undecided	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg (Ubuntu Trusty)	Wishlist	Fix Released
1409117	GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM	gnupg2 (Ubuntu Trusty)	Wishlist	Fix Released

Bug #1421640: "gpg2 --refresh-keys" results in "rejected by import filter"

		In	Importance	Status
1421640	"gpg2 --refresh-keys" results in "rejected by import filter"	gnupg2 (Ubuntu)	Undecided	Fix Released
1421640	"gpg2 --refresh-keys" results in "rejected by import filter"	gnupg2 (Ubuntu Vivid)	Undecided	Fix Released
1421640	"gpg2 --refresh-keys" results in "rejected by import filter"	gnupg2 (Ubuntu Utopic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-1606

Related bugs and status

Related bugs

References