Package: gnutls26
Severity: important
Tags: security

Please see http://www.gnu.org/s/gnutls/security.html for details.

Fixes:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=7fc8fa6464d305440fddab423079c76a915decc3
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=588708465992e1d9fc09cf4e3a39caef878428d9

Given the following inline documentation I would assume that this
could be triggered by a malicious server providing a service over
TLS to crash the client, but not the other way 'round. Is that correct?

/**                                                                             
                                                                                
                     * gnutls_session_get_data - Returns all session 
parameters.                                                                     
                                                   * @session: is a 
#gnutls_session_t structure.                                                    
                                                                                
  * @session_data: is a pointer to space to hold the session.                   
                                                                                
                     * @session_data_size: is the session_data's size, or it 
will be set by the function.                                                    
                                           *                                    
                                                        
                                                                                
      
  * Returns all session parameters, in order to support resuming.  The          
                                                                                
                     * client should call this, and keep the returned session, 
if he                                                                           
                                         * wants to resume that current version 
later by calling                                                                
                                                            * 
gnutls_session_set_data() This function must be called after a                  
                                                                                
                 * successful handshake.                                        
                                                                                
                                   
  *                                                                             
                                                                                
                     * Resuming sessions is really useful and speedups 
connections after                                                               
                                                 * a succesful one.             
                                                                                
                                                                    *           
                                                                                
                                                                                
      
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise           
                                                                                
                     *   an error code is returned.                             
                                                                                
                                        **/

Cheers,
        Moritz



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to