Bug#856872: jessie-pu: package gnutls28/3.3.8-6+deb8u5

Andreas Metzler ametzler at bebt.de
Thu Apr 27 16:29:24 UTC 2017


On 2017-04-27 "Adam D. Barratt" <adam at adam-barratt.org.uk> wrote:
> On Mon, 2017-03-06 at 19:24 +0100, Andreas Metzler wrote:
[...]
>> upstream has now released 3.5.10/3.3.27 including these fixes and
>> another one on top:
>>      + 55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch
>>        Addressed large allocation in OpenPGP certificate parsing, that could
>>        lead to an out-of-memory condition. Issue found using oss-fuzz project, and
>>        was fixed by Alex Gaynor:
>>        https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
>>        [GNUTLS-SA-2017-3C]
>> 
>> Updated diff for jessie attached.

> Please go ahead; thanks.

Thanks, uploaded with the new CVE number mentioned in changelog.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



More information about the Pkg-gnutls-maint mailing list