Debian Security Advisory 1231-1 - Several remote vulnerabilities have been discovered in the GNU privacy, a free PGP replacement, which may lead to the execution of arbitrary code. Werner Koch discovered that a buffer overflow in a sanitizing function may lead to execution of arbitrary code when running gnupg interactively. Tavis Ormandy discovered that parsing a carefully crafted OpenPGP packet may lead to the execution of arbitrary code, as a function pointer of an internal structure may be controlled through the decryption routines.
f67a2d1c90c023729e0ddced605f0a8606af3720511cb5300dd9784ea2090aa4
OpenPKG Security Advisory OpenPKG-SA-2006.037 - Two security issues were discovered in the OpenPGP cryptography tool GnuPG, versions up to and including 1.4.5 and 2.0.1. The first issue is a heap-based buffer overflow which has been identified by the vendor during fixing a bug reported by Hugh Warrington. The second issue is a memory management problem.
e2ad975972bd8b4d3c70e676abce3b1376c3b1ef57af266813f375814ebfe63c
Mandriva Linux Security Advisory - Buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages that cause the make_printable_string function to return a longer string than expected while constructing a prompt.
1041a6ca0a612f13d8726413b84470bc96b4c160d46d073771f7593a9459b069