[ubuntu/yakkety-security] gnutls28 3.5.3-5ubuntu1.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed Feb 1 17:43:22 UTC 2017


gnutls28 (3.5.3-5ubuntu1.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: denial of service via warning alerts
    - debian/patches/CVE-2016-8610.patch: set a maximum number of warning
      messages in lib/gnutls_int.h, lib/handshake.c, lib/state.c.
    - CVE-2016-8610
  * SECURITY UPDATE: double-free when reading proxy language
    - debian/patches/CVE-2017-5334.patch: fix double-free in
      lib/x509/x509_ext.c.
    - CVE-2017-5334
  * SECURITY UPDATE: out of memory error in stream reading functions
    - debian/patches/CVE-2017-5335.patch: add error checking to
      lib/opencdk/read-packet.c.
    - CVE-2017-5335
  * SECURITY UPDATE: stack overflow in cdk_pk_get_keyid
    - debian/patches/CVE-2017-5336.patch: check return code in
      lib/opencdk/pubkey.c.
    - CVE-2017-5336
  * SECURITY UPDATE: heap read overflow when reading streams
    - debian/patches/CVE-2017-5337.patch: add more precise checks to
      lib/opencdk/read-packet.c.
    - CVE-2017-5337

Date: 2017-01-26 19:18:14.964259+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/gnutls28/3.5.3-5ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Yakkety-changes mailing list