gnutls28 (3.4.10-4ubuntu1.3) xenial-security; urgency=medium
* SECURITY UPDATE: null pointer dereference via status response TLS
extension decoding
- debian/patches/CVE-2017-7507-1.patch: ensure response IDs are
properly deinitialized in lib/ext/status_request.c.
- debian/patches/CVE-2017-7507-2.patch: remove parsing of responder IDs
from client extension in lib/ext/status_request.c.
- debian/patches/CVE-2017-7507-3.patch: documented requirements for
parameters in lib/ext/status_request.c.
- CVE-2017-7507
* SECURITY UPDATE: DoS and possible code execution via OpenPGP
certificate decoding
- debian/patches/CVE-2017-7869.patch: enforce packet limits in
lib/opencdk/read-packet.c.
- CVE-2017-7869
Date: 2017-06-12 15:25:20.478193+00:00
Changed-By: Marc Deslauriers <marc.deslauri...@canonical.com>
Signed-By: Ubuntu Archive Robot
<cjwatson+ubuntu-archive-ro...@chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/gnutls28/3.4.10-4ubuntu1.3
Sorry, changesfile not available.
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
