VULHUB ™

FreeBSD Security Advisory FreeBSD-SA-01:44 - The gnupg port, versions prior to gnupg-1.0.6, contains a format string vulnerability. If gnupg attempts to decrypt a file whose filename does not end in '.gpg', the filename is copied to the prompt string, allowing a user-supplied format string. This may allow a malicious user to cause arbitrary code to be executed as the user running gnupg.

FreeBSD Security Advisory FreeBSD-SA-01:44 - The gnupg port, versions prior to gnupg-1.0.6, contains a format string vulnerability. If gnupg attempts to decrypt a file whose filename does not end in '.gpg', the filename is copied to the prompt string, allowing a user-supplied format string. This may allow a malicious user to cause arbitrary code to be executed as the user running gnupg.