[gnutls-devel] GNUTLS-SA-2017-4 (was: gnutls 3.5.13)

Andreas Metzler ametzler at bebt.de
Sun Jun 11 11:43:49 CEST 2017

On 2017-06-07 Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> Hello, 
>  I've just released gnutls 3.5.13. This is a bug fix release on the
> 3.5.x branch.
> ** libgnutls: no longer parse the ResponseID field of the status response
>    TLS extension. The field is not used by GnuTLS nor is made available to
>    calling applications. That addresses a null pointer dereference on server
>    side caused by packets containing the ResponseID field. Reported
>    by Hubert Kario. [GNUTLS-SA-2017-4]


do you know to which versions of GnuTLS this applies? Afaict it seems to
apply to 3.3.8, too.

TIA cu Andreas
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the Gnutls-devel mailing list