oss-sec mailing list archives

Re: CVE Request: gnutls/libdane buffer overflow


From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 31 Oct 2013 12:42:50 -0600

On 10/31/2013 07:47 AM, Tomas Hoger wrote:
> On Thu, 24 Oct 2013 16:04:10 +0200 Marcus Meissner wrote:
>
>> GNUTLS just posted a security advisory which needs a CVE:
>>
>> http://www.gnutls.org/security.html#GNUTLS-SA-2013-3
>> GNUTLS-SA-2013-3
>
> It is updated now and recommends using 3.1.16 or 3.2.6, which
> correct an off-by-one issue in the original fix:
> https://gitorious.org/gnutls/gnutls/commit/0dd5529509e46b11d5c0f3f26f99294e0e5fa6dc
>
> I assume this needs a new CVE.

Yup, winner, winner chicken dinner.

Please use CVE-2013-4487 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993