gnupg/g10
Werner Koch 2326851c60
gpg: Sanitize diagnostic with the original file name.
* g10/mainproc.c (proc_plaintext): Sanitize verbose output.
--

This fixes a forgotten sanitation of user supplied data in a verbose
mode diagnostic.  The mentioned CVE is about using this to inject
status-fd lines into the stderr output.  Other harm could as well be
done.  Note that GPGME based applications are not affected because
GPGME does not fold status output into stderr.

CVE-id: CVE-2018-12020
GnuPG-bug-id: 4012
(cherry picked from commit 13f135c7a2)
2018-06-08 10:50:38 +02:00
ChangeLog-2011 Rename all ChangeLog files to ChangeLog-2011. 2011-12-02 19:42:56 +01:00
Makefile.am build: Avoid check gpg --version during make distcheck. 2017-07-19 10:55:44 +02:00
OPTIONS See ChangeLog: Mon Jul 31 10:04:47 CEST 2000 Werner Koch 2000-07-31 08:04:16 +00:00
apdu.c Use inline functions to convert buffer data to scalars. 2015-02-23 10:47:26 +01:00
apdu.h First set of changes to backport the new card code from 2.0. 2009-07-21 14:30:13 +00:00
app-common.h First set of changes to backport the new card code from 2.0. 2009-07-21 14:30:13 +00:00
app-openpgp.c Use inline functions to convert buffer data to scalars. 2015-02-23 10:47:26 +01:00
armor.c g10: Fix iobuf API of filter function for alignment. 2016-01-26 15:38:27 +09:00
build-packet.c gpg: Fix exporting of zero length user ID packets. 2017-03-30 10:54:10 +02:00
card-util.c Preparing a release candidate 2010-09-23 08:15:45 +00:00
cardglue.c support more hash algorithms to support the v2 card 2010-07-24 09:18:42 +00:00
cardglue.h support more hash algorithms to support the v2 card 2010-07-24 09:18:42 +00:00
ccid-driver.c Fix spelling: "occured" should be "occurred" 2016-08-04 12:37:34 +02:00
ccid-driver.h First set of changes to backport the new card code from 2.0. 2009-07-21 14:30:13 +00:00
cipher.c g10: Fix iobuf API of filter function for alignment. 2016-01-26 15:38:27 +09:00
compress-bz2.c g10: Fix iobuf API of filter function for alignment. 2016-01-26 15:38:27 +09:00
compress.c g10: Push compress filter only if compressed. 2018-04-13 10:17:55 +09:00
dearmor.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
decrypt.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
delkey.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
encode.c g10: Fix iobuf API of filter function for alignment. 2016-01-26 15:38:27 +09:00
encr-data.c g10: Fix iobuf API of filter function for alignment. 2016-01-26 15:38:27 +09:00
exec.c Revert that last stupid setuid detection fix. 2008-07-17 19:47:19 +00:00
exec.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
export.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
filter.h gpg: Print better diagnostics for keyserver operations. 2015-02-23 10:52:37 +01:00
free-packet.c g10: fix cmp_public_key and cmp_secret_keys. 2015-04-30 17:20:08 +09:00
getkey.c g10: Improve handling of no corresponding public key. 2015-05-19 10:14:09 +09:00
global.h Add kbnode_t for easier backporting. 2014-08-06 18:33:21 +02:00
gpg.c gpg: Add dummy option --with-subkey-fingerprint. 2016-08-17 14:50:35 +02:00
gpgv.c gpgv: Tweak default options for extra security. 2016-07-09 10:41:08 +09:00
helptext.c Fix typos spotted during translations 2012-08-24 16:37:44 +02:00
import.c gpg: Remove an unused variable. 2015-02-23 10:53:05 +01:00
iso7816.c minor changes for VMS 2009-12-15 11:07:43 +00:00
iso7816.h Last minute fixes 2009-09-02 17:30:53 +00:00
kbnode.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
keydb.c gpg: signal handling fix 2013-07-12 17:26:55 +09:00
keydb.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
keyedit.c gpg: Print a warning if the subkey expiration may not be what you want. 2015-02-23 10:36:18 +01:00
keygen.c g10: Fix secmem leak. 2017-05-10 14:09:54 +09:00
keyid.c gpg: Fix segv due to NULL value stored as opaque MPI 2015-02-23 10:56:21 +01:00
keylist.c indent: Fix indentation of an if block. 2017-07-19 10:12:00 +02:00
keyring.c gpg: Prevent an invalid memory read using a garbled keyring. 2015-02-23 10:46:07 +01:00
keyring.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
keyserver-internal.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
keyserver.c Switch to a hash and CERT record based PKA system. 2015-02-26 18:30:08 +01:00
main.h gpg: Add option --weak-digest to gpg and gpgv. 2015-12-19 15:14:27 +01:00
mainproc.c gpg: Sanitize diagnostic with the original file name. 2018-06-08 10:50:38 +02:00
mdfilter.c g10: Fix iobuf API of filter function for alignment. 2016-01-26 15:38:27 +09:00
misc.c gpg: Add option --weak-digest to gpg and gpgv. 2015-12-19 15:14:27 +01:00
openfile.c gpg: Make the use of "--verify FILE" for detached sigs harder. 2014-11-14 19:41:24 +01:00
options.h g10: Fix --list-packets. 2016-06-28 16:10:14 +09:00
options.skel * options.skel: Make the example for force-v3-sigs match reality (it 2010-09-28 16:13:24 +00:00
packet.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
parse-packet.c g10: Fix --list-packets. 2016-06-28 16:10:14 +09:00
passphrase.c Pass DBUS_SESSION_BUS_ADDRESS for gnome3 2015-12-17 15:14:56 +01:00
photoid.c * photoid.c (generate_photo_id): Check for the JPEG magic numbers 2011-04-05 23:47:58 -04:00
photoid.h * main.h, mainproc.c (check_sig_and_print), keylist.c 2008-10-03 19:54:30 +00:00
pipemode.c g10: Fix iobuf API of filter function for alignment. 2016-01-26 15:38:27 +09:00
pkclist.c Fix spelling: "occured" should be "occurred" 2016-08-04 12:37:34 +02:00
plaintext.c gpg: Make the use of "--verify FILE" for detached sigs harder. 2014-11-14 19:41:24 +01:00
progress.c g10: Fix iobuf API of filter function for alignment. 2016-01-26 15:38:27 +09:00
pubkey-enc.c Support the not anymore patented IDEA cipher algorithm. 2012-11-08 13:25:02 +01:00
pubring.asc See ChangeLog: Mon Jul 31 10:04:47 CEST 2000 Werner Koch 2000-07-31 08:04:16 +00:00
revoke.c Fix a couple of minor bugs. 2009-06-24 14:01:20 +00:00
seckey-cert.c Protect against NULL return of mpi_get_opaque. 2015-02-23 11:04:35 +01:00
seskey.c * sig-check.c (do_check): Code to try both the incorrect and correct 2007-11-28 23:08:35 +00:00
sig-check.c g10: Fix checking key for signature validation. 2016-08-04 17:14:26 +09:00
sign.c Obsolete option --no-sig-create-check. 2015-09-01 07:47:14 +02:00
signal.c gpg: signal handling fix 2013-07-12 17:26:55 +09:00
skclist.c Fix bug 1045. 2009-05-11 09:37:25 +00:00
status.c Support the not anymore patented IDEA cipher algorithm. 2012-11-08 13:25:02 +01:00
status.h Support the not anymore patented IDEA cipher algorithm. 2012-11-08 13:25:02 +01:00
tdbdump.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
tdbio.c g10: Fix another race condition for trustdb access. 2016-06-15 09:01:00 +09:00
tdbio.h gpg: Do not require a trustdb with --always-trust. 2013-10-11 09:35:01 +02:00
textfilter.c gpg: Fix memory leak. 2017-07-07 21:53:12 +09:00
tlv.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
tlv.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
trustdb.c g10: Fix regexp sanitization. 2017-12-04 19:33:45 +09:00
trustdb.h Changes to --min-cert-level should cause a trustdb rebuild (issue 1366) 2012-01-19 22:33:51 -05:00
verify.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00