[Buildroot] [PATCH] gnutls: security bump to 220.127.116.11
peter at korsgaard.com
Wed Apr 3 08:01:09 UTC 2019
>>>>> "Sørensen," == Sørensen, Stefan <Stefan.Sorensen at spectralink.com> writes:
> Fixes the following security issues:
> * CVE-2019-3836: It was discovered in gnutls before version 3.6.7 upstream
> that there is an uninitialized pointer access in gnutls versions 3.6.3 or
> later which can be triggered by certain post-handshake messages
> * CVE-2019-3829: A vulnerability was found in gnutls versions from 3.5.8
> before 3.6.7. A memory corruption (double free) vulnerability in the
> certificate verification API. Any client or server application that
> verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
These issues were fixed in 3.6.7, weren't they? I don't see 18.104.22.168
announced yet, what is the delta?
Bye, Peter Korsgaard
More information about the buildroot