* [devel] Fw: The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)
@ 2001-06-04 6:11 Volkov Serge
2001-06-04 7:34 ` Dmitry V. Levin
0 siblings, 1 reply; 2+ messages in thread
From: Volkov Serge @ 2001-06-04 6:11 UTC (permalink / raw)
To: devel
[-- Attachment #1: Type: text/plain, Size: 1520 bytes --]
Добрый день
Вот пришло сообщение из bugtraq
С наилучшими VAS
Начало пересылаемого сообщения:
Date: Fri, 1 Jun 2001 21:23:54 +0200
From: Werner Koch <wk@gnupg.org>
To: bugtraq@securityfocus.com
Subject: The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)
Hi!
A remark on the recent GnuPG bug and the exploit:
In many cases GnuPG is used as a backend for a MUA or some script.
In these cases gpg should be called with the option --batch which
suppresses the output of the filename to the tty and thereby makes
it immune against the bug. So, it should be save to continue using
GnuPG from within a MUA.
However, I strongly recommend to upgrade anyway or just fix the
problem in util/ttyio.c as fish stiqz suggested.
There are minor build problem in GnuPG 1.0.6 when GCC is not used.
The missing parenthesis is quite obvious and the other problems are
related to gettext. If you encounter such a problem try to use
./configure --with-included-gettext && make
and if this also fails, forget about NLS by using
./configure --disable-nls && make
BTW, the Windows version is not affect by this bug, but there are
probably other problems with this system ;-)
Please send complains or other comments to <gnupg-users@gnupg.org>
and NOT by private mail. Thanks.
Ciao,
Werner
--
Werner Koch Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions -- Augustinus
[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [devel] Fw: The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)
2001-06-04 6:11 [devel] Fw: The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG) Volkov Serge
@ 2001-06-04 7:34 ` Dmitry V. Levin
0 siblings, 0 replies; 2+ messages in thread
From: Dmitry V. Levin @ 2001-06-04 7:34 UTC (permalink / raw)
To: devel
[-- Attachment #1: Type: text/plain, Size: 773 bytes --]
On Mon, Jun 04, 2001 at 10:11:47AM +0400, Volkov Serge wrote:
> Добрый день
>
> Вот пришло сообщение из bugtraq
В этом списке рассылки есть негласное правило: не форвардить из
bugtraq@securityfocus.com без необходимости. :)
В частности, в этом нет необходимости в случае, когда есть анонс в списке
security-announce:
http://www.altlinux.ru/pipermail/security-announce/2001-May/000010.html
Regards,
Dmitry
+-------------------------------------------------------------------------+
Dmitry V. Levin mailto://ldv@alt-linux.org
ALT Linux Team http://www.altlinux.ru/
Fandra Project http://www.fandra.org/
+-------------------------------------------------------------------------+
UNIX is user friendly. It's just very selective about who its friends are.
[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2001-06-04 7:34 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2001-06-04 6:11 [devel] Fw: The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG) Volkov Serge
2001-06-04 7:34 ` Dmitry V. Levin
ALT Linux Team development discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \
devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru
public-inbox-index devel
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.devel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git