Fwd: GNU Libtasn1 2.12 released
thoger at redhat.com
Tue Mar 20 09:20:27 CET 2012
Nikos Mavrogiannopoulos writes:
> Note that the bug fixed affects all gnutls versions.
Nikos, should the above be read as "all gnutls versions include
libtasn1 versions affected by this problem" or "gnutls uses
asn1_get_length_der incorrectly too"? Have you managed to
confirm the issue in gnutls and can possibly comment on known
possible impacts (e.g. TLS client can trigger this on TLS server
by providing a crafted client certificate during handshake)?
More information about the Gnutls-devel