oss-sec mailing list archives

CVE Request: gnutls/libdane buffer overflow


From: Marcus Meissner <meissner () suse de>
Date: Thu, 24 Oct 2013 16:04:10 +0200

Hi,

GNUTLS just posted a security advisory which needs a CVE:

http://www.gnutls.org/security.html#GNUTLS-SA-2013-3
GNUTLS-SA-2013-3
Denial of service
This vulnerability affects the DANE library of gnutls 3.1.x and gnutls
3.2.x. A server that returns more than 4 DANE entries could corrupt the memory
of a requesting client.  Recommendation: Upgrade to the latest gnutls
version (3.1.15 or 3.2.5)

Commit for 3.1:
https://gitorious.org/gnutls/gnutls/commit/916deedf41604270ac398314809e8377476433db

Commit for 3.2:
https://gitorious.org/gnutls/gnutls/commit/ed51e5e53cfbab3103d6b7b85b7ba4515e4f30c3

Ciao, Marcus

