Date: Tue, 20 May 2008 11:34:37 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Cc: smithj@...ethemallocs.com, Florian Weimer <fw@...eb.enyo.de>,
        "Steven M. Christey" <coley@...us.mitre.org>,
        Simon Josefsson <simon@...efsson.org>
Subject: Re: CVE ID request: GNUTLS

On Mon, 19 May 2008 15:26:41 -0800 Jonathan Smith
<smithj@...ethemallocs.com> wrote:

> Florian Weimer wrote:
> | Several issues have been announced in GNUTLS-SA-2008-1:

Some references for Steven to use in the CVE descriptions:

Upstream announcements:

http://www.gnu.org/software/gnutls/security.html
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html

CERT-FI advisory:

https://www.cert.fi/haavoittuvuudet/advisory-gnutls.html

Upstream patches:

http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=d223040e498bd50a4b9e0aa493e78587ae1ed653


> Note that the fixed version has changed. 2.2.4 didn't fix the issue,
> so they pushed 2.2.5 today as well.
> 
> reference
> http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2812

Based on discussion here:

http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html

It seems like a regression.

Adding Simon to CC, so he may comment on this if he wants.

-- 
Tomas Hoger / Red Hat Security Response Team
