Bug#856872: jessie-pu: package gnutls28/3.3.8-6+deb8u5
Hi
On Sun, Mar 05, 2017 at 07:08:08PM +0100, Andreas Metzler wrote:
> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian.org@packages.debian.org
> Usertags: pu
>
> Hello,
>
> I would like to fix a number of minor issues in GnuTLS.
Would still be great to see that in the next point release.
Note there is one more CVE assigned in the meantime:
> Most of these (notably CVE-2017-533[4567]) are related to the PGP
> support, security does not intend to issue a DSA:
> + 55_13_cdk_pkt_read-enforce-packet-limits.patch Addressed integer
> overflow resulting to invalid memory write in OpenPGP certificate
> parsing. Issue found using oss-fuzz project:
> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
> [GNUTLS-SA-2017-3A]
This one got CVE-2017-7869 assigned, cf.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7869
Regards,
Salvatore