CVE-2008-1530
Publication date 27 March 2008
Last updated 24 July 2024
Ubuntu priority
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."
Notes
jdstrand
verified all ubuntu releases not affected (amd64 kvm) upcoming 1.4.9 and 2.0.9 will have fix