[gnutls-devel] gnutls 3.2.5
Tomas Hoger
thoger at redhat.com
Thu Oct 24 09:27:16 CEST 2013
On Wed, 23 Oct 2013 13:33:20 +0200 Nikos Mavrogiannopoulos wrote:
> ** libdane: Fixed a buffer overflow in dane_query_tlsa(). This could
> be triggered by a DNS server supplying more than 4 DANE records.
> Report and fix by Christian Grothoff.
This sounds like a security fix rather than just a regular bug fix, but
3.2.5 and 3.1.15 releases were not announced as security updates. As I
can't say I'm familiar with DANE, I wonder if I may be missing some
good reason why this isn't or should not be considered a security fix.
--
Tomas Hoger / Red Hat Security Response Team
More information about the Gnutls-devel
mailing list