According to the RH summary [1]:

It was found that GnuTLS would crash when receiving a client hello message with status_request extension that has a non-empty responder_id_list.

Upstream ref [2]
Upstream patch [3] [4]

--
[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7507
[2] https://gnutls.org/security.html#GNUTLS-SA-2017-4
[3] https://gitlab.com/gnutls/gnutls/commit/4c4d35264fada08b6536425c051fb8e0b05ee86b
[4] https://gitlab.com/gnutls/gnutls/commit/3efb6c5fd0e3822ec11879d5bcbea0e8d322cd03
We can stabilize net-libs/gnutls-3.5.13
ia64 stable
amd64 stable
x86 stable
Stable on alpha.
ppc stable
ppc64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
I am very sorry, but arm lately stabilized the older package in bug #612340, so this one is needed as well.
New GLSA Request filed. @Maintainers, please proceed to cleanup.

Gentoo Security Padawan
ChrisADR
(In reply to Alon Bar-Lev from comment #8)
> I am very sorry, but arm lately stabilized the older package in bug #612340,
> so this one is needed as well.

I updated the keywords and forgot to add CC, sorry!
arm, please?
arm stable, all arches done.
Thanks! ebuild was removed.
Thank you all.
This issue was resolved and addressed in GLSA 201710-15 at https://security.gentoo.org/glsa/201710-15 by GLSA coordinator Aaron Bauman (b-man).