Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 24 Oct 2013 16:04:10 +0200
From: Marcus Meissner <>
To: OSS Security List <>
Subject: CVE Request: gnutls/libdane buffer overflow


GNUTLS just posted a security adivsory which needs a CVE:
Denial of service
This vulnerability affects the DANE library of gnutls 3.1.x and gnutls
3.2.x. A server that returns more 4 DANE entries could corrupt the memory
of a requesting client.  Recommendation: Upgrade to the latest gnutls
version (3.1.15 or 3.2.5)

Commit for 3.1:

Commit for 3.2:

Ciao, Marcus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.