[Secure-testing-team] Bug#727660: gnutls28: CVE-2013-4466: GNUTLS-SA-2013-3
Salvatore Bonaccorso
carnil at debian.org
Fri Oct 25 04:20:17 UTC 2013
Package: gnutls28
Severity: grave
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for gnutls28.
CVE-2013-4466[0]:
gnutls/libdane buffer overflow
This only affects 3.1.x and 3.2.x so, gnutls28. A patch [1] is
provided (upstream recomendation is to directly update to 3.2.5, see
[2]).
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4466
http://security-tracker.debian.org/tracker/CVE-2013-4466
[1] https://gitorious.org/gnutls/gnutls/commit/ed51e5e53cfbab3103d6b7b85b7ba4515e4f30c3
[2] http://www.gnutls.org/security.html#GNUTLS-SA-2013-3
Regards,
Salvatore
More information about the Secure-testing-team
mailing list