[Bug 1326779] Re: libgnutls28 appears to not have been updated for CVE-2014-3466 in Trusty

Launchpad Bug Tracker Thu, 11 Jun 2015 11:21:48 -0700

This bug was fixed in the package gnutls28 - 3.2.11-2ubuntu1.1

---------------
gnutls28 (3.2.11-2ubuntu1.1) trusty-security; urgency=medium


  [ Gianfranco Costamagna ]
  * SECURITY UPDATE: Denial of service and possible remote arbitrary code
    execution via crafted ServerHello message
    - debian/patches/21_CVE-2014-3466.patch: Add upper bounds check for
      session id size. Based on upstream patch. (LP: #1326779)

  [ Tyler Hicks ]
  * debian/patches/21_CVE-2014-3466.patch: Fold in the test for
    CVE-2014-3466's fix. Based on upstream patch.

 -- Tyler Hicks <[email protected]>  Thu, 11 Jun 2015 10:42:35 -0500

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1326779

Title:
  libgnutls28 appears to not have been updated for CVE-2014-3466 in
  Trusty

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1326779/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1326779] Re: libgnutls28 appears to not have been updated for CVE-2014-3466 in Trusty

Reply via email to