The _gnutls_x509_verify_certificate fix
Simon Josefsson
simon at josefsson.org
Wed Nov 12 11:16:08 CET 2008
Simon Josefsson <simon at josefsson.org> writes:
>> Applying this to 2.4.2 this does away with the crash, however it does
>> not fix the advisory anymore. (The way to reproduce described in
>> http://news.gmane.org/find-root.php?message_id=%3c4918143A.3050103%40gmx.net%3e
>> works again.
>
> Really? I think the patch should solve both the crash and the
> advisory. Are you sure you used the right library?
I've tested the patch and it appears to fix both the crash and the
vulnerability. Please test it again. I've prepared a daily build of
v2.6.2 containing that fix:
http://daily.josefsson.org/gnutls-2.6/gnutls-2.6-20081112.tar.gz
/Simon
More information about the Gnutls-devel
mailing list