[gnutls-devel] gnutls 3.5.8
Nikos Mavrogiannopoulos
nmav at gnutls.org
Mon Jan 23 20:01:52 CET 2017
On Sun, 2017-01-22 at 20:13 -0500, Derek Schrock wrote:
> On Mon, Jan 09, 2017 at 03:25:10AM EST, Nikos Mavrogiannopoulos
> wrote:
> > On Mon, Jan 9, 2017 at 9:17 AM, Nikos Mavrogiannopoulos <nmav at
> > gnutls.org> wrote:
> >
> > > ** libgnutls: Fix double free in certificate information
> > > printing. If the PKIX
> > > extension proxy was set with a policy language set but no
> > > policy specified,
> > > that could lead to a double free. (issue found using oss-fuzz
> > > project)
> > >
> > > ** libgnutls: Addressed invalid memory accesses in OpenPGP
> > > certificate parsing.
> > > (issues found using oss-fuzz project)
> >
> > Note that I forgot to refer to GNUTLS-SA-2017-1 and GNUTLS-SA-2017-
> > 2 for these
> > two issues.
> >
> > regards,
> > Nikos
> >
>
> Was there a 3.4.x release for SA 2017-1/2? I see 3.3.x and 3.5.x
> however no 3.4.x. Is 3.4.x not effected by the two SAs?
Hi,
The 3.4.x releases are indeed affected, however 3.5.8 is a drop in
replacement and you can use that release instead. My goal with that is
to reduce the cost of maintaining overlapping/fully compatible release
branches.
regards,
Nikos
More information about the Gnutls-devel
mailing list