[Buildroot] [PATCH] gnutls: security bump to 3.6.7.1

Peter Korsgaard peter at korsgaard.com
Wed Apr 3 08:01:09 UTC 2019


>>>>> "Sørensen," == Sørensen, Stefan <Stefan.Sorensen at spectralink.com> writes:

 > Fixes the following security issues:
 >  * CVE-2019-3836: It was discovered in gnutls before version 3.6.7 upstream
 >    that there is an uninitialized pointer access in gnutls versions 3.6.3 or
 >    later which can be triggered by certain post-handshake messages

 >  * CVE-2019-3829: A vulnerability was found in gnutls versions from 3.5.8
 >    before 3.6.7. A memory corruption (double free) vulnerability in the
 >    certificate verification API. Any client or server application that
 >    verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

These issues were fixed in 3.6.7, weren't they? I don't see 3.6.7.1
announced yet, what is the delta?

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list