Bug#856872: jessie-pu: package gnutls28/3.3.8-6+deb8u5
Control: tags -1 + confirmed
On Mon, 2017-03-06 at 19:24 +0100, Andreas Metzler wrote:
> On 2017-03-05 Andreas Metzler <ametzler@bebt.de> wrote:
[...]
> > I would like to fix a number of minor issues in GnuTLS.
>
> > Most of these (notably CVE-2017-533[4567]) are related to the PGP
> > support, security does not intend to issue a DSA:
> [...]
>
> Hello,
>
> upstream has now released 3.5.10/3.3.27 including these fixes and
> another one on top:
> + 55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch
> Addressed large allocation in OpenPGP certificate parsing, that could
> lead to an out-of-memory condition. Issue found using oss-fuzz project, and
> was fixed by Alex Gaynor:
> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
> [GNUTLS-SA-2017-3C]
>
> Updated diff for jessie attached.
Please go ahead; thanks.
Regards,
Adam