oss-security - Re: CVE Request: gnutls/libdane buffer overflow

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date: Thu, 31 Oct 2013 12:42:50 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: gnutls/libdane buffer overflow

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/31/2013 07:47 AM, Tomas Hoger wrote:
> On Thu, 24 Oct 2013 16:04:10 +0200 Marcus Meissner wrote:
> 
>> GNUTLS just posted a security adivsory which needs a CVE:
>> 
>> http://www.gnutls.org/security.html#GNUTLS-SA-2013-3 
>> GNUTLS-SA-2013-3
> 
> It is updated now and recommends using 3.1.16 or 3.2.6, which
> correct off-by-one issue in the original fix: 
> https://gitorious.org/gnutls/gnutls/commit/0dd5529509e46b11d5c0f3f26f99294e0e5fa6dc
>
>  I assume this needs a new CVE.

Yup, winner, winner chicken dinner.

Please use CVE-2013-4487 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBAgAGBQJScqSqAAoJEBYNRVNeJnmT1XQP/2iFwQR9QAu6P2eLVhi7u3zE
Qimn3Imq/xz3haWsGQxg8+FCCRktxLqufCP44Avh71qDKj3mt/fjeXV2SKeCWU3C
RHIpm1RUCtGjJvHgamd2G64KVOcE5Gq78l7gd0vyL+SiTzvRjky+IpnIPhX0aN8+
IwSnPWPpzKNI2sE/OXNcDEZAzUoEEnQuhef/p/+Jdv/cruiQNfBOcI133zQZvPHh
NYTfV9Tj1zl7QKP6qJ4Ix4NwYztcWobkhlIqoCrblASj7js/0rx0TQucp45G1Jsg
0M/pCm1LCEsy8wzTYwp57TX5xuj/hSFJ2NErYQgbM7x0FjbCBGUeyzAPMtCYxwvh
2xEljP8ixkiug5gGusefGAIfXDkmb/wIBYUgKJc0+C+xsBE1wFlAbdo353df0FJ5
A7VNPY3AINqGbuHgtOOD5OO4Ul4G3Gjdw2PLMQrbk3jagpqoIo1c0MOmt+Z3lGsL
fLuNeV5+RgOnjjM7zMH2BGysWAyU98iURxnImA0lYwAqvlfXIxof/KI3+z2rfREh
f2aX4XqL+qVJSbRyyNlXV8x9HEwTtlYchx54lngTGHRGPFpxFshK0C+Gf+/i6KT/
Yh2No2k5x99UYhDV0pWr8unX0/9J38foJlzO9uVuV46S0x788s2g/1fXZEB7frzy
LBfr2/j9PPjzTY73sEPy
=h/nI
-----END PGP SIGNATURE-----

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.