| Summary: | <net-libs/gnutls-3.3.14: double-free in gnutls (CRL distribution points parsing) (CVE-2015-3308) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | alonbl, crypto+disabled |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2015/04/15/6 | | |
| Whiteboard: | A3 [glsa cve] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 548636 | | |
| Bug Blocks: | | | |

Description
Agostino Sarubbo
2015-04-16 10:15:59 UTC

(In reply to Agostino Sarubbo from comment #0)
> @maintainer(s): since the fixed package is already in the tree, please let
> us know if it is ready for the stabilization or not.

sure, needed anyway. thanks!

30+ days, are we ready to go stable?

(In reply to Yury German from comment #2)
> 30+ days, are we ready to go stable?

yes, already replied, do you want me to CC archs?

(In reply to Alon Bar-Lev from comment #3)
> (In reply to Yury German from comment #2)
> > 30+ days, are we ready to go stable?
>
> yes, already replied, do you want me to CC archs?

No, this is handled in bug 548636, hence stable blocked :)

Added to an existing GLSA Request.

Maintainer(s), please drop the vulnerable version(s).

Done, thanks.

This issue was resolved and addressed in GLSA 201506-03 at https://security.gentoo.org/glsa/201506-03 by GLSA coordinator Kristian Fiskerstrand (K_F).

CVE-2015-3308 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3308):
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** TEMPORARY ** gnutls 3.3.14 fixes a double-free in parsing CRL distribution points. It will affect applications which parse CRL distribution points or print contents of certificates with gnutls-provided functions (e.g. gnutls_x509_crt_print())