Bug#505279: libgnutls26: segfault in _gnutls_x509_crt_get_raw_dn2

Michael Meskes meskes at debian.org
Tue Nov 11 11:40:07 UTC 2008 

Package: libgnutls26
Version: 2.4.2-2
Severity: critical
Justification: breaks unrelated software

Since updating libgnutls26 today I cannot use mutt anymore because it gets a
segfault. Here's what gdb says:

#0  0xf7e13ff4 in _gnutls_x509_crt_get_raw_dn2 (cert=0x11, whom=0xf7e4e367 "issuer", start=0xff9b6a04) at x509.c:1718
#1  0xf7e18c9a in is_issuer (cert=0xf7e4cdce, issuer_cert=0x89c4d90) at verify.c:164
#2  0xf7e19b12 in _gnutls_verify_certificate2 (cert=0x11, trusted_cas=<value optimized out>, tcas_size=145, flags=0, output=0xff9b6ac8)
    at verify.c:199
#3  0xf7e1a381 in gnutls_x509_crt_list_verify (cert_list=0x8b27a68, cert_list_length=0, CA_list=0x8b1e250, CA_list_length=145, CRL_list=0x0,
    CRL_list_length=0, flags=0, verify=0xff9b6b8c) at verify.c:396
#4  0xf7dfc64c in _gnutls_x509_cert_verify_peers (session=0x8b26540, status=0xff9b6b8c) at gnutls_x509.c:176
#5  0xf7dee921 in gnutls_certificate_verify_peers2 (session=0x8b26540, status=0xff9b6b8c) at gnutls_cert.c:606
#6  0xf7dee959 in gnutls_certificate_verify_peers (session=0x8b26540) at gnutls_cert.c:639
#7  0x080d46d8 in tls_check_certificate (conn=0x89c38b8) at ../mutt_ssl_gnutls.c:509
#8  0x080d5ad8 in tls_negotiate (conn=0x89c38b8) at ../mutt_ssl_gnutls.c:269
#9  0x080d5c85 in mutt_ssl_starttls (conn=0x89c38b8) at ../mutt_ssl_gnutls.c:162
#10 0x080de14d in imap_open_connection (idata=0x89c3e30) at ../../imap/imap.c:436
#11 0x080de3fd in imap_conn_find (account=0xff9b83c4, flags=<value optimized out>) at ../../imap/imap.c:367
#12 0x080df1d1 in imap_open_mailbox (ctx=0x89b8400) at ../../imap/imap.c:567
...

Downgrading to 2.4.2-1 immediately fixes the problem.

Michael
-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libgnutls26 depends on:
ii  libc6                  2.7-16            GNU C Library: Shared libraries
ii  libgcrypt11            1.4.1-2           LGPL Crypto library - runtime libr
ii  libgpg-error0          1.4-2             library for common error values an
ii  libtasn1-3             1.5-1             Manage ASN.1 structures (runtime)
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

libgnutls26 recommends no packages.

Versions of packages libgnutls26 suggests:
pn  gnutls-bin                    <none>     (no description available)

-- no debconf information

More information about the Pkg-gnutls-maint mailing list