Bug#: 230263
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Robert Buchholz <rbu@gentoo.org>

Description:   Opened: 2008-06-30 21:12 0000
** Please note that this issue is confidential and no information should be
disclosed until it is made public, see "Whiteboard" for a date **

Tomas Mraz of RedHat reported an issue in GnuTLS that can lead to a function
dereference of a freed heap structure. Impact is currently under discussion.
This bug was introduced in GnuTLS 2.3.5 and is present in GnuTLS 2.4.0.

Please do not proceed with stabling any affected versions. This only affects our
~arch systems.

------- Comment #1 From Daniel Black 2008-07-01 10:48:22 0000 -------
public as per urls
detail http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2948

will do ebuild soon

------- Comment #2 From Daniel Black 2008-07-01 12:45:39 0000 -------
gnutls-2.4.1 added
gnutls-2.4.0 and gnutls-2.3.11.ebuild removed

thanks Robert. description from upstream makes it seem as though RCE is unlikely
and DoS is fairly sure.

------- Comment #3 From Robert Buchholz 2008-07-01 13:51:55 0000 -------
Thanks, closing then.
