Change History (8)
comment:1 by , 16 months ago
| Priority: | normal → high |
|---|
comment:2 by , 16 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:3 by , 16 months ago
| Owner: | changed from to |
|---|---|
| Status: | assigned → new |
comment:4 by , 16 months ago
| Status: | new → assigned |
|---|
comment:7 by , 16 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
comment:8 by , 16 months ago
There is a CVE assigned: CVE-2022-47629.
Here are the release notes:
Noteworthy changes in version 1.6.3 (2022-12-06)
Fix another integer overflow in the CRL parser.
Note:
See TracTickets
for help on using tickets.
An additional remote code execution bug has been discovered due to a related issue to CVE-2022-3515.
https://dev.gnupg.org/T6284
This is due to another integer overflow. Not sure if an updated CVE will be assigned, but this needs to be treated with the same response as the prior libksba update. See https://gnupg.org/blog/20221017-pepe-left-the-ksba.html