gnutls heartbleed equivalent?

Doug Barton dougb at
Tue Jun 3 01:32:21 CEST 2014

I'm noticing this in today's Ubuntu updates:

SECURITY UPDATE: memory corruption due to server hello parsing
-debian/patches/CVE-2014-3466.patch: validate session_id_len in

I haven't looked at the code, and the CVE referenced is simply reserved, 
not populated yet. But that description sounds like it's at best a very 
close cousin to our friend heartbleed ...



More information about the Gnupg-users mailing list