Date: Tue, 20 May 2008 11:34:37 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Cc: smithj@...ethemallocs.com, Florian Weimer <fw@...eb.enyo.de>, "Steven M. Christey" <coley@...us.mitre.org>, Simon Josefsson <simon@...efsson.org>
Subject: Re: CVE ID request: GNUTLS

On Mon, 19 May 2008 15:26:41 -0800 Jonathan Smith <smithj@...ethemallocs.com> wrote:

> Florian Weimer wrote:
> | Several issues have been announced in GNUTLS-SA-2008-1:

Some references for Steven to use in the CVE descriptions:

Upstream announcements:
http://www.gnu.org/software/gnutls/security.html
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html

CERT-FI advisory:
https://www.cert.fi/haavoittuvuudet/advisory-gnutls.html

Upstream patches:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=d223040e498bd50a4b9e0aa493e78587ae1ed653

> Note that the fixed versions has changed. 2.2.4 didn't fix the issue,
> so they pushed 2.2.5 today as well.
>
> reference
> http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2812

Based on discussion here:
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html

It seems like a regression. Adding Simon to CC, so he may comment on this if he wants.

--
Tomas Hoger / Red Hat Security Response Team