oss-sec mailing list archives
Re: CVE Request: gnutls/libdane buffer overflow
From: Tomas Hoger <thoger () redhat com>
Date: Thu, 31 Oct 2013 14:47:01 +0100
On Thu, 24 Oct 2013 16:04:10 +0200 Marcus Meissner wrote:
GNUTLS just posted a security adivsory which needs a CVE: http://www.gnutls.org/security.html#GNUTLS-SA-2013-3 GNUTLS-SA-2013-3
It is updated now and recommends using 3.1.16 or 3.2.6, which correct off-by-one issue in the original fix: https://gitorious.org/gnutls/gnutls/commit/0dd5529509e46b11d5c0f3f26f99294e0e5fa6dc I assume this needs a new CVE. -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- CVE Request: gnutls/libdane buffer overflow Marcus Meissner (Oct 24)
- Re: CVE Request: gnutls/libdane buffer overflow Kurt Seifried (Oct 24)
- Re: CVE Request: gnutls/libdane buffer overflow Tomas Hoger (Oct 31)
- Re: CVE Request: gnutls/libdane buffer overflow Kurt Seifried (Oct 31)