CVE-2008-4989 patch causes segfault with certain certificates and gnutls 2.4.x

Axel Theilmann at at
Wed Jan 21 12:23:48 CET 2009

Simon Josefsson wrote:


> The code in 2.6.3 should work equally well to 2.4.x as well, and I
> believe it will solve the problem with crashes.  So I suggest you ask
> the OpenSUSE team to compare 2.6.0 with 2.6.3 and apply the relevant
> patch.  Btw, 2.4.2 also contains a fix for another crash that may be
> useful to apply.

ok, thanks. i'll open a bug with opensuse.

tty, axel

Dipl.-Inform. Axel Theilmann                   at at
Senior Researcher               Phone (+49) 040 / 8080 77 - 880
                                Fax   (+49) 040 / 8080 77 - 877

PRESECURE Consulting GmbH, Muenster        AG Münster, HRB 6581
Geschäftsführer/Managing Director   Dr. Klaus-Peter Kossakowski

                            CarmentiS - Early Warning Expertise

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090121/111faf16/attachment.pgp>

More information about the Gnutls-devel mailing list