Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 20 May 2008 11:34:37 +0200
From: Tomas Hoger <>
Cc:, Florian Weimer <>,
        "Steven M.
 Christey" <>,
        Simon Josefsson <>
Subject: Re: CVE ID request: GNUTLS

On Mon, 19 May 2008 15:26:41 -0800 Jonathan Smith
<> wrote:

> Florian Weimer wrote:
> | Several issues have been announced in GNUTLS-SA-2008-1:

Some references for Steven to use in the CVE descriptions:

Upstream announcements:

CERT-FI advisory:

Upstream patches:;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b;a=commitdiff;h=d223040e498bd50a4b9e0aa493e78587ae1ed653

> Note that the fixed versions has changed. 2.2.4 didn't fix the issue,
> so they pushed 2.2.5 today as well.
> reference

Based on discussion here:

It seems like a regression.

Adding Simon to CC, so he may comment on this if he wants.

Tomas Hoger / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ