Bug#856872: jessie-pu: package gnutls28/3.3.8-6+deb8u5
Andreas Metzler
ametzler at bebt.de
Mon Mar 6 18:24:44 UTC 2017
On 2017-03-05 Andreas Metzler <ametzler at bebt.de> wrote:
> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian.org at packages.debian.org
> Usertags: pu
> Hello,
> I would like to fix a number of minor issues in GnuTLS.
> Most of these (notably CVE-2017-533[4567]) are related to the PGP
> support, security does not intend to issue a DSA:
[...]
Hello,
upstream has now released 3.5.10/3.3.27 including these fixes and
another one on top:
+ 55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch
Addressed large allocation in OpenPGP certificate parsing, that could
lead to an out-of-memory condition. Issue found using oss-fuzz project, and
was fixed by Alex Gaynor:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
[GNUTLS-SA-2017-3C]
Updated diff for jessie attached.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: from_u4_to_u5-v2.diff
Type: text/x-diff
Size: 44179 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20170306/e153ede2/attachment-0001.diff>
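
The kind of check the patch name above describes (rejecting an oversized declared OpenPGP subpacket length before any allocation), as an added C example that is not taken from the GnuTLS patch or from the original mail. `MAX_SUBPKT_LEN`, `read_subpkt`, `subpkt_len` and the `SP_*` codes are hypothetical names, and the length encoding is the one in RFC 4880 section 5.2.3.1.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this example; not a value taken from GnuTLS. */
#define MAX_SUBPKT_LEN 4096u
enum { SP_OK = 0, SP_TRUNCATED = -1, SP_TOO_LARGE = -2, SP_NOMEM = -3 };

/* Decode an RFC 4880 section 5.2.3.1 subpacket length (1, 2 or 5 octets). */
static int subpkt_len(const uint8_t *p, size_t avail, uint32_t *len, size_t *hdr)
{
    if (avail < 1) return SP_TRUNCATED;
    *hdr = p[0] < 192 ? 1 : p[0] < 255 ? 2 : 5;
    if (avail < *hdr) return SP_TRUNCATED;
    if (*hdr == 1)
        *len = p[0];
    else if (*hdr == 2)
        *len = ((uint32_t)(p[0] - 192) << 8) + p[1] + 192;
    else
        *len = ((uint32_t)p[1] << 24) | ((uint32_t)p[2] << 16) |
               ((uint32_t)p[3] << 8) | p[4];
    return SP_OK;
}

/* Copy one subpacket; the declared length is validated before allocating. */
int read_subpkt(const uint8_t *p, size_t avail, uint8_t **body, uint32_t *len)
{
    size_t hdr;
    int rc = subpkt_len(p, avail, len, &hdr);
    if (rc != SP_OK) return rc;
    if (*len > MAX_SUBPKT_LEN) return SP_TOO_LARGE; /* enforce the maximum */
    if (*len > avail - hdr) return SP_TRUNCATED;    /* declared more than present */
    *body = malloc(*len ? *len : 1);
    if (*body == NULL) return SP_NOMEM;
    memcpy(*body, p + hdr, *len);
    return SP_OK;
}

/* Constructed inputs: a 2-octet subpacket, and a header declaring 0xffffffff octets. */
static const uint8_t sample_ok[] = { 0x02, 0x1b, 0x03 };
static const uint8_t sample_huge[] = { 0xff, 0xff, 0xff, 0xff, 0xff };
int main(void)
{
    uint8_t *b = NULL; uint32_t n = 0;
    int ok = read_subpkt(sample_ok, sizeof sample_ok, &b, &n);
    free(b); b = NULL;
    int huge = read_subpkt(sample_huge, sizeof sample_huge, &b, &n);
    return !(ok == SP_OK && huge == SP_TOO_LARGE);
}
```

Without the two comparisons in `read_subpkt`, the five-octet header in `sample_huge` alone would drive a request for roughly 4 GiB.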