Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request: gnutls/libdane buffer overflow
From: Tomas Hoger <thoger () redhat com>
Date: Thu, 31 Oct 2013 14:47:01 +0100

On Thu, 24 Oct 2013 16:04:10 +0200 Marcus Meissner wrote:

GNUTLS just posted a security adivsory which needs a CVE:

http://www.gnutls.org/security.html#GNUTLS-SA-2013-3
GNUTLS-SA-2013-3

It is updated now and recommends using 3.1.16 or 3.2.6, which correct
off-by-one issue in the original fix:
https://gitorious.org/gnutls/gnutls/commit/0dd5529509e46b11d5c0f3f26f99294e0e5fa6dc

I assume this needs a new CVE.

-- 
Tomas Hoger / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault