[gnutls-devel] GnuTLS | Amendment to SECURITY.md (#1881)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Mon May 4 16:05:47 CEST 2026
Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/work_items/1881#note_3311655051
> The server applications should use address space isolation, meaning that any malicious attempts after successful authentication do not affect other users of the service
s/any malicious attempts after successful authentication do not affect other users of the service/a compromised authenticated user cannot read or modify another user's data/ ?
> The difficulty is typically due to factors such as demanding timing constraints, specific platform prerequisites, or the involvement of rare options or protocols
Should we detail what are "common" options and protocols? Is DTLS one? Would this downgrade, say, the recent datagram of death ([CVE-2026-33845](https://gitlab.com/gnutls/gnutls/-/issues/1811)) to a Low?
Should src/ be out of scope, except generating long-lived key material with certtool?