[Buildroot] [PATCH] gnutls: security bump to 3.6.7.1
Peter Korsgaard
peter at korsgaard.com
Sun Apr 7 20:54:25 UTC 2019
>>>>> "Sørensen," == Sørensen, Stefan <Stefan.Sorensen at spectralink.com> writes:
> Fixes the following security issues:
> * CVE-2019-3836: It was discovered in gnutls before version 3.6.7 upstream
> that there is an uninitialized pointer access in gnutls versions 3.6.3 or
> later which can be triggered by certain post-handshake messages
> * CVE-2019-3829: A vulnerability was found in gnutls versions from 3.5.8
> before 3.6.7. A memory corruption (double free) vulnerability in the
> certificate verification API. Any client or server application that
> verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
> Signed-off-by: Stefan Sørensen <stefan.sorensen at spectralink.com>
Committed after fixing the license file hash and adding a note that
3.6.7.1 fixes a tarball packaging issue, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list