oss-sec mailing list archives
Re: CVE Request: gnutls/libdane buffer overflow
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 31 Oct 2013 12:42:50 -0600
On 10/31/2013 07:47 AM, Tomas Hoger wrote:
> On Thu, 24 Oct 2013 16:04:10 +0200 Marcus Meissner wrote:
>> GNUTLS just posted a security advisory which needs a CVE:
>> http://www.gnutls.org/security.html#GNUTLS-SA-2013-3
>> GNUTLS-SA-2013-3
>
> It is updated now and recommends using 3.1.16 or 3.2.6, which correct an off-by-one issue in the original fix:
> https://gitorious.org/gnutls/gnutls/commit/0dd5529509e46b11d5c0f3f26f99294e0e5fa6dc
>
> I assume this needs a new CVE.
Yup, winner, winner chicken dinner.

Please use CVE-2013-4487 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Current thread:
- CVE Request: gnutls/libdane buffer overflow Marcus Meissner (Oct 24)
- Re: CVE Request: gnutls/libdane buffer overflow Kurt Seifried (Oct 24)
- Re: CVE Request: gnutls/libdane buffer overflow Tomas Hoger (Oct 31)
- Re: CVE Request: gnutls/libdane buffer overflow Kurt Seifried (Oct 31)