gnutls heartbleed equivalent?
Doug Barton
dougb at dougbarton.us
Tue Jun 3 01:32:21 CEST 2014
I'm noticing this in today's Ubuntu updates:
SECURITY UPDATE: memory corruption due to server hello parsing
-debian/patches/CVE-2014-3466.patch: validate session_id_len in
lib/gnutls_handshake.c
I haven't looked at the code, and the CVE referenced is simply reserved,
not populated yet. But that description sounds like it's at best a very
close cousin to our friend heartbleed ...
curious,
Doug
More information about the Gnupg-users
mailing list