Bug#864560: gnutls28: CVE-2017-7507

Andreas Metzler ametzler at bebt.de
Sun Jun 11 16:20:47 UTC 2017

Control: found -1 3.3.8-1

On 2017-06-10 Salvatore Bonaccorso <carnil at debian.org> wrote:
> Source: gnutls28
> Version: 3.5.8-1
> the following vulnerability was published for gnutls28.

> CVE-2017-7507[0]:
> Crash upon receiving well-formed status_request extension
> Please adjust the affected versions in the BTS as needed, just checked
> 3.5.8 in unstable sourcewise. Not sure as well if it would need a DSA
> if older versions are affected as well.

Hello Salvatore,

thank you for notifying me, I somehow missed this when reading 3.5.13's

It does apply to stable. There is patchset on upstream's gnutls_3_3_x
branch which applies without fuzz to 3.3.8. (See attachment.)

If you are not doing a DSA I can try to fix this in jessie and stretch
point releases.

cu Andreas
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: proposed_jessie.patch
Type: text/x-diff
Size: 10428 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20170611/56f0cdf0/attachment.patch>

More information about the Pkg-gnutls-maint mailing list