Bug#864560: gnutls28: CVE-2017-7507
ametzler at bebt.de
Sun Jun 11 16:20:47 UTC 2017
Control: found -1 3.3.8-1
On 2017-06-10 Salvatore Bonaccorso <carnil at debian.org> wrote:
> Source: gnutls28
> Version: 3.5.8-1
> the following vulnerability was published for gnutls28.
> Crash upon receiving well-formed status_request extension
> Please adjust the affected versions in the BTS as needed, just checked
> 3.5.8 in unstable sourcewise. Not sure as well if it would need a DSA
> if older versions are affected as well.
thank you for notifying me, I somehow missed this when reading 3.5.13's
It does apply to stable. There is patchset on upstream's gnutls_3_3_x
branch which applies without fuzz to 3.3.8. (See attachment.)
If you are not doing a DSA I can try to fix this in jessie and stretch
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 10428 bytes
Desc: not available
More information about the Pkg-gnutls-maint