Upstream has fixed two memory corruption vulnerabilities with 3.3.26 and 3.5.8. One of them affects OpenPGP certificates (which nobody uses and which are considered deprecated), the other, more significant one, X.509 certificates.
The fixed versions are already in the tree, but I haven't found an open security bug yet.
@maintainer(s), any concerns with stabilizing here?
Go ahead with stabilization.
CVE request: http://seclists.org/oss-sec/2017/q1/51
please test and mark stable: =net-libs/gnutls-3.3.26
Stable on alpha.
Stable for HPPA.
New GLSA request filed.
@ Maintainer(s): Please clean up and drop <net-libs/gnutls-3.3.26!
(In reply to Thomas Deutschmann from comment #13)
> New GLSA request filed.
> @ Maintainer(s): Please clean up and drop <net-libs/gnutls-3.3.26!
This issue was resolved and addressed in
GLSA 201702-04 at https://security.gentoo.org/glsa/201702-04
by GLSA coordinator Thomas Deutschmann (whissi).