[ubuntu/zesty-security] gnutls28 3.5.6-4ubuntu4.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Jun 13 16:54:24 UTC 2017


gnutls28 (3.5.6-4ubuntu4.1) zesty-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference via status response TLS
    extension decoding
    - debian/patches/CVE-2017-7507-1.patch: ensure response IDs are
      properly deinitialized in lib/ext/status_request.c.
    - debian/patches/CVE-2017-7507-2.patch: remove parsing of responder IDs
      from client extension in lib/ext/status_request.c.
    - debian/patches/CVE-2017-7507-3.patch: documented requirements for
      parameters in lib/ext/status_request.c.
    - CVE-2017-7507
  * SECURITY UPDATE: DoS and possible code execution via OpenPGP
    certificate decoding
    - debian/patches/CVE-2017-7869.patch: enforce packet limits in
      lib/opencdk/read-packet.c.
    - CVE-2017-7869

Date: 2017-06-12 14:53:15.674063+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/gnutls28/3.5.6-4ubuntu4.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Zesty-changes mailing list