From ${URL} :
gnutls 3.3.14 fixes a double-free in parsing CRL distribution points. It will affect applications which parse CRL distribution points or print contents of certificates with gnutls-provided functions (e.g. gnutls_x509_crt_print()).
Usually a DoS under modern mem allocators, but creating something more interesting using double-free exploitation techniques is not out of the question.
changelists:
https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9
https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02
@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
(In reply to Agostino Sarubbo from comment #0)
> @maintainer(s): since the fixed package is already in the tree, please let
> us know if it is ready for the stabilization or not.
sure, needed anyway. thanks!
30+ days, are we ready to go stable?
(In reply to Yury German from comment #2)
> 30+ days, are we ready to go stable?
yes, already replied, do you want me to CC archs?
(In reply to Alon Bar-Lev from comment #3)
> (In reply to Yury German from comment #2)
> > 30+ days, are we ready to go stable?
>
> yes, already replied, do you want me to CC archs?
No, this is handled in bug 548636, hence stable blocked :)
Added to an existing GLSA Request. Maintainer(s), please drop the vulnerable version(s).
Done, thanks.
This issue was resolved and addressed in GLSA 201506-03 at https://security.gentoo.org/glsa/201506-03 by GLSA coordinator Kristian Fiskerstrand (K_F).
CVE-2015-3308 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3308):
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** TEMPORARY ** gnutls 3.3.14 fixes a double-free in parsing CRL distribution points. It will affect applications which parse CRL distribution points or print contents of certificates with gnutls-provided functions (e.g. gnutls_x509_crt_print())