Package: libgnutls11
Version: 1.0.16-9
Severity: serious

The current libgnutls11 ships with a major bug, which improperly checks user-provided data, and can easily lead to denial of service attacks.

The bug was discovered by INL during a security audit of NuFW, and reported to the gnutls development team, who released a new version (1.0.25 and 1.2.3) correcting the bug. More details about this issue can be found at this URL: http://www.gnu.org/software/gnutls/security.html

The bug was also reported to Debian's security team during the 2nd half of April, with no feedback at this time.

I am marking the severity as serious, as this actually makes other software installed on the system potentially unusable by easily allowing a Denial of Service attack on other packages such as OpenLDAP. Maybe this should be marked a higher severity?

I suggest the package be upgraded to 1.0.25, or the bugfix be backported to Debian's 1.0.16.

Regards,
Vincent Deffontaines

