[ubuntu/xenial-security] gnutls28 3.4.10-4ubuntu1.3 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Jun 13 16:54:26 UTC 2017
gnutls28 (3.4.10-4ubuntu1.3) xenial-security; urgency=medium
* SECURITY UPDATE: null pointer dereference via status response TLS
extension decoding
- debian/patches/CVE-2017-7507-1.patch: ensure response IDs are
properly deinitialized in lib/ext/status_request.c.
- debian/patches/CVE-2017-7507-2.patch: remove parsing of responder IDs
from client extension in lib/ext/status_request.c.
- debian/patches/CVE-2017-7507-3.patch: documented requirements for
parameters in lib/ext/status_request.c.
- CVE-2017-7507
* SECURITY UPDATE: DoS and possible code execution via OpenPGP
certificate decoding
- debian/patches/CVE-2017-7869.patch: enforce packet limits in
lib/opencdk/read-packet.c.
- CVE-2017-7869
Date: 2017-06-12 15:25:20.478193+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/gnutls28/3.4.10-4ubuntu1.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list