CVE ID request: GNUTLS

[Florian Weimer <fw () deneb enyo de>]

Several issues have been announced in GNUTLS-SA-2008-1:

*** [GNUTLS-SA-2008-1-1]
*** libgnutls: Fix crash when sending invalid server name.
The crash can be triggered remotely before authentication, which can
lead to a Daniel of Service attack to disable the server.  The bug
cause gnutls to store more session resumption data than what was
allocated for, thus overwriting unallocated memory.

*** [GNUTLS-SA-2008-1-2]
*** libgnutls: Fix crash when sending repeated client hellos.
The crash can be triggered remotely before authentication, which can
lead to a Daniel of Service attack to disable the server.  The bug
triggers a null-pointer dereference.

*** [GNUTLS-SA-2008-1-3]
*** libgnutls: Fix crash in cipher padding decoding for invalid record
*** lengths.
The crash can be triggered remotely before authentication, which can
lead to a Daniel of Service attack to disable the server.  The bug
cause gnutls to read memory beyond the end of the received record.

AFAIK, no CVE IDs have bee assigned yet.