Package: gnutls26 Severity: important Tags: security Please see http://www.gnu.org/s/gnutls/security.html for details.
Fixes: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=7fc8fa6464d305440fddab423079c76a915decc3 http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=588708465992e1d9fc09cf4e3a39caef878428d9 Given the following inline documentation I would assume that this could be triggered by a malicious server providing a service over TLS to crash the client, but not the other way 'round. Is that correct? /** * gnutls_session_get_data - Returns all session parameters. * @session: is a #gnutls_session_t structure. * @session_data: is a pointer to space to hold the session. * @session_data_size: is the session_data's size, or it will be set by the function. * * Returns all session parameters, in order to support resuming. The * client should call this, and keep the returned session, if he * wants to resume that current version later by calling * gnutls_session_set_data() This function must be called after a * successful handshake. * * Resuming sessions is really useful and speedups connections after * a succesful one. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise * an error code is returned. **/ Cheers, Moritz -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

