oss-sec mailing list archives
Re: CVE ID request: GNUTLS
From: Tomas Hoger <thoger () redhat com>
Date: Tue, 20 May 2008 11:34:37 +0200
On Mon, 19 May 2008 15:26:41 -0800 Jonathan Smith <smithj () freethemallocs com> wrote:

> Florian Weimer wrote:
> | Several issues have been announced in GNUTLS-SA-2008-1:

Some references for Steven to use in the CVE descriptions:

Upstream announcements:
http://www.gnu.org/software/gnutls/security.html
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html

CERT-FI advisory:
https://www.cert.fi/haavoittuvuudet/advisory-gnutls.html

Upstream patches:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=d223040e498bd50a4b9e0aa493e78587ae1ed653

> Note that the fixed versions have changed. 2.2.4 didn't fix the issue,
> so they pushed 2.2.5 today as well.
>
> reference
> http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2812

Based on discussion here:
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html

It seems like a regression. Adding Simon to CC, so he may comment on this if he wants.

--
Tomas Hoger / Red Hat Security Response Team