List: oss-security
Subject: Re: [oss-security] CVE Request: gnutls/libdane buffer overflow
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2013-10-31 18:42:50
Message-ID: 5272A4AA.4000303 () redhat ! com
On 10/31/2013 07:47 AM, Tomas Hoger wrote:
> On Thu, 24 Oct 2013 16:04:10 +0200 Marcus Meissner wrote:
>
>> GNUTLS just posted a security advisory which needs a CVE:
>>
>> http://www.gnutls.org/security.html#GNUTLS-SA-2013-3
>> GNUTLS-SA-2013-3
>
> It is updated now and recommends using 3.1.16 or 3.2.6, which
> correct an off-by-one issue in the original fix:
> https://gitorious.org/gnutls/gnutls/commit/0dd5529509e46b11d5c0f3f26f99294e0e5fa6dc
>
> I assume this needs a new CVE.
Yup, winner, winner chicken dinner.
Please use CVE-2013-4487 for this issue.
--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993