[gnutls-devel] gnutls 3.2.5

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Oct 24 09:57:47 CEST 2013


On 10/24/2013 09:27 AM, Tomas Hoger wrote:

>> ** libdane: Fixed a buffer overflow in dane_query_tlsa(). This could
>> be triggered by a DNS server supplying more than 4 DANE records.
>> Report and fix by Christian Grothoff.
> This sounds like a security fix rather than just a regular bug fix, but
> 3.2.5 and 3.1.15 releases were not announced as security updates.  As I
> can't say I'm familiar with DANE, I wonder if I may be missing some
> good reason why this isn't or should not be considered a security fix.

Hello,
 It is a security fix. There is no different process for them though. I
should assign a GNUTLS-SA though.

regards,
Nikos




More information about the Gnutls-devel mailing list