CVE-2008-4989 patch causes segfault with certain certificates and gnutls 2.4.x
Simon Josefsson
simon at josefsson.org
Wed Jan 21 13:57:56 CET 2009
Axel Theilmann <at at pre-secure.de> writes:
> Simon Josefsson wrote:
>
> moin,
>
>> The code in 2.6.3 should work equally well to 2.4.x as well, and I
>> believe it will solve the problem with crashes. So I suggest you ask
>> the OpenSUSE team to compare 2.6.0 with 2.6.3 and apply the relevant
>> patch. Btw, 2.4.2 also contains a fix for another crash that may be
>> useful to apply.
>
> ok, thanks. i'll open a bug with opensuse.
Possibly we should do another release of the 2.4.x branch too, it seems
many haven't upgraded to 2.6.x yet...
/Simon
More information about the Gnutls-devel
mailing list