[Bug 978661] Re: [Precise] gnutls26 is vulnerable to CVE-2012-1573

Marc Deslauriers marc.deslauriers at canonical.com
Wed Apr 11 12:59:34 UTC 2012


ACK on the debdiff, uploaded to Precise.

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/978661

Title:
  [Precise] gnutls26 is vulnerable to CVE-2012-1573

Status in “gnutls26” package in Ubuntu:
  Confirmed

Bug description:
  Mitre's description of CVE-2012-1573:

  ---
  gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
  ---

  I've updated the stable releases but need a sponsor if this is deemed
  urgent enough to make it into the Precise release.

  More information can be found in the Ubuntu CVE Tracker:

  http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1573.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/978661/+subscriptions


