[gnutls-devel] GNUTLS-SA-2017-4 (was: gnutls 3.5.13)
Andreas Metzler
ametzler at bebt.de
Sun Jun 11 11:43:49 CEST 2017
On 2017-06-07 Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> Hello,
> I've just released gnutls 3.5.13. This is a bug fix release on the
> 3.5.x branch.
[...]
> ** libgnutls: no longer parse the ResponseID field of the status response
> TLS extension. The field is not used by GnuTLS nor is made available to
> calling applications. That addresses a null pointer dereference on server
> side caused by packets containing the ResponseID field. Reported
> by Hubert Kario. [GNUTLS-SA-2017-4]
[...]
Hello,
do you know to which versions of GnuTLS this applies? Afaict it seems to
apply to 3.3.8, too.
TIA cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
More information about the Gnutls-devel
mailing list