Bug#864560: gnutls28: CVE-2017-7507
Andreas Metzler
ametzler at bebt.de
Sun Jun 11 16:20:47 UTC 2017
Control: found -1 3.3.8-1
On 2017-06-10 Salvatore Bonaccorso <carnil at debian.org> wrote:
> Source: gnutls28
> Version: 3.5.8-1
[...]
> the following vulnerability was published for gnutls28.
> CVE-2017-7507[0]:
> Crash upon receiving well-formed status_request extension
[...]
> Please adjust the affected versions in the BTS as needed, just checked
> 3.5.8 in unstable sourcewise. Not sure as well if it would need a DSA
> if older versions are affected as well.
Hello Salvatore,
thank you for notifying me, I somehow missed this when reading 3.5.13's
NEWS.
It does apply to stable. There is a patchset on upstream's gnutls_3_3_x
branch which applies without fuzz to 3.3.8. (See attachment.)
If you are not doing a DSA I can try to fix this in jessie and stretch
point releases.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: proposed_jessie.patch
Type: text/x-diff
Size: 10428 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20170611/56f0cdf0/attachment.patch>