[gnutls-devel] gnutls 3.2.5

Tomas Hoger thoger at redhat.com
Thu Oct 24 09:27:16 CEST 2013


On Wed, 23 Oct 2013 13:33:20 +0200 Nikos Mavrogiannopoulos wrote:

> ** libdane: Fixed a buffer overflow in dane_query_tlsa(). This could
> be triggered by a DNS server supplying more than 4 DANE records.
> Report and fix by Christian Grothoff.

This sounds like a security fix rather than just a regular bug fix, but
3.2.5 and 3.1.15 releases were not announced as security updates.  As I
can't say I'm familiar with DANE, I wonder if I may be missing some
good reason why this isn't or should not be considered a security fix.

-- 
Tomas Hoger / Red Hat Security Response Team



More information about the Gnutls-devel mailing list