Debian Security Advisory 1231-1 - Several remote vulnerabilities have been discovered in the GNU privacy, a free PGP replacement, which may lead to the execution of arbitrary code. Werner Koch discovered that a buffer overflow in a sanitizing function may lead to execution of arbitrary code when running gnupg interactively. Tavis Ormandy discovered that parsing a carefully crafted OpenPGP packet may lead to the execution of arbitrary code, as a function pointer of an internal structure may be controlled through the decryption routines.
f67a2d1c90c023729e0ddced605f0a8606af3720511cb5300dd9784ea2090aa4
OpenPKG Security Advisory OpenPKG-SA-2006.037 - Two security issues were discovered in the OpenPGP cryptography tool GnuPG, versions up to and including 1.4.5 and 2.0.1. The first issue is a heap-based buffer overflow which has been identified by the vendor during fixing a bug reported by Hugh Warrington. The second issue is a memory management problem.
e2ad975972bd8b4d3c70e676abce3b1376c3b1ef57af266813f375814ebfe63c
Ubuntu Security Notice 393-1 - Tavis Ormandy discovered that gnupg was incorrectly using the stack. If a user were tricked into processing a specially crafted message, an attacker could execute arbitrary code with the user's privileges.
6013082fa4043753945b8b18eabd59e186f424d4407073d2d42a7c51411bf17c