Bug#856872: jessie-pu: package gnutls28/3.3.8-6+deb8u5
Control: tags -1 + pending
On Thu, 2017-04-27 at 18:29 +0200, Andreas Metzler wrote:
> On 2017-04-27 "Adam D. Barratt" <adam@adam-barratt.org.uk> wrote:
> > On Mon, 2017-03-06 at 19:24 +0100, Andreas Metzler wrote:
> [...]
> >> upstream has now released 3.5.10/3.3.27 including these fixes and
> >> another one on top:
> >> + 55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch
> >> Addressed large allocation in OpenPGP certificate parsing, that could
> >> lead to an out-of-memory condition. Issue found using oss-fuzz project, and
> >> was fixed by Alex Gaynor:
> >> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
> >> [GNUTLS-SA-2017-3C]
> >>
> >> Updated diff for jessie attached.
>
> > Please go ahead; thanks.
>
> Thanks, uploaded with the new CVE number mentioned in changelog.
Flagged for acceptance into p-u.
Regards,
Adam