[Buildroot] [PATCH] gnutls: security bump to 3.6.7.1

Peter Korsgaard peter at korsgaard.com
Sun Apr 14 21:17:35 UTC 2019


>>>>> "Sørensen," == Sørensen, Stefan <Stefan.Sorensen at spectralink.com> writes:

 > Fixes the following security issues:
 >  * CVE-2019-3836: It was discovered in gnutls before version 3.6.7 upstream
 >    that there is an uninitialized pointer access in gnutls versions 3.6.3 or
 >    later which can be triggered by certain post-handshake messages

 >  * CVE-2019-3829: A vulnerability was found in gnutls versions from 3.5.8
 >    before 3.6.7. A memory corruption (double free) vulnerability in the
 >    certificate verification API. Any client or server application that
 >    verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

 > Signed-off-by: Stefan Sørensen <stefan.sorensen at spectralink.com>

Committed to 2019.02.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list