[Bug 978661] Re: [Precise] gnutls26 is vulnerable to CVE-2012-1573
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Apr 11 12:59:34 UTC 2012
ACK on the debdiff, uploaded to Precise.
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/978661
Title:
[Precise] gnutls26 is vulnerable to CVE-2012-1573
Status in “gnutls26” package in Ubuntu:
Confirmed
Bug description:
Mitre's description of CVE-2012-1573:
---
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
---
I've updated the stable releases but need a sponsor if this is deemed
urgent enough to make it into the Precise release.
More information can be found in the Ubuntu CVE Tracker:
http://people.canonical.com/~ubuntu-
security/cve/2012/CVE-2012-1573.html
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/978661/+subscriptions
More information about the Ubuntu-sponsors
mailing list