[Buildroot] [PATCH] gnutls: security bump to version 3.5.10
Peter Korsgaard
peter at korsgaard.com
Tue Mar 7 15:10:43 UTC 2017
>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni at free-electrons.com> writes:
> Hello,
> On Mon, 6 Mar 2017 11:55:06 -0300, Gustavo Zacarias wrote:
>> Fixes:
>> GNUTLS-SA-2017-3A - Addressed integer overflow resulting to invalid
>> memory write in OpenPGP certificate parsing.
>> GNUTLS-SA-2017-3B - Addressed crashes in OpenPGP certificate parsing,
>> related to private key parser. No longer allow OpenPGP certificates
>> (public keys) to contain private key sub-packets.
>> GNUTLS-SA-2017-3C - Addressed large allocation in OpenPGP certificate
>> parsing, that could lead in out-of-memory condition.
>>
>> Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
>> ---
>> package/gnutls/gnutls.hash | 2 +-
>> package/gnutls/gnutls.mk | 2 +-
>> 2 files changed, 2 insertions(+), 2 deletions(-)
> Applied to master, thanks. Peter: we want this one for LTS I guess.
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list