Bug#856872: jessie-pu: package gnutls28/3.3.8-6+deb8u5

To: Andreas Metzler <ametzler@bebt.de>, 856872@bugs.debian.org
Cc: Debian Security Team <team@security.debian.org>
Subject: Bug#856872: jessie-pu: package gnutls28/3.3.8-6+deb8u5
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 14 Apr 2017 11:34:08 +0200
Message-id: <[🔎] 20170414093408.boftds3xtetstidn@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 856872@bugs.debian.org
In-reply-to: <20170305180808.ryppo6qwjnh5da4r@argenau.bebt.de>
References: <20170305180808.ryppo6qwjnh5da4r@argenau.bebt.de>

Hi

On Sun, Mar 05, 2017 at 07:08:08PM +0100, Andreas Metzler wrote:
> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian.org@packages.debian.org
> Usertags: pu
> 
> Hello,
> 
> I would like fix a number of minor issues in GnuTLS.

Would still be great to see that in the next point release.

Note there is one more CVE in meanwhile assigned:

> Most of these (notably CVE-2017-533[4567]) are related to the PGP
> support, security does not intend to issue a DSA:
> + 55_13_cdk_pkt_read-enforce-packet-limits.patch Addressed integer
>   overflow resulting to invalid memory write in OpenPGP certificate
>   parsing.  Issue found using oss-fuzz project:
>   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
>   [GNUTLS-SA-2017-3A]

This one got CVE-2017-7869 assigned, cf.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7869

Regards,
Salvatore

Reply to:

Prev by Date: Bug#859708: unblock: kodi/2:17.1+dfsg1-2
Next by Date: Bug#860310: unblock pre-apptoval request for yade/2017.01a-8
Previous by thread: Bug#860299: marked as done (unblock: osm2pgsql/0.92.0+ds-2)
Next by thread: Bug#856872: jessie-pu: package gnutls28/3.3.8-6+deb8u5
Index(es):
- Date
- Thread