[gnutls-devel] gnutls 3.5.8

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Jan 23 20:01:52 CET 2017


On Sun, 2017-01-22 at 20:13 -0500, Derek Schrock wrote:
> On Mon, Jan 09, 2017 at 03:25:10AM EST, Nikos Mavrogiannopoulos
> wrote:
> > On Mon, Jan 9, 2017 at 9:17 AM, Nikos Mavrogiannopoulos <nmav at
> > gnutls.org> wrote:
> > 
> > > ** libgnutls: Fix double free in certificate information
> > > printing. If the PKIX
> > >    extension proxy was set with a policy language set but no
> > > policy specified,
> > >    that could lead to a double free. (issue found using oss-fuzz
> > > project)
> > > 
> > > ** libgnutls: Addressed invalid memory accesses in OpenPGP
> > > certificate parsing.
> > >    (issues found using oss-fuzz project)
> > 
> > Note that I forgot to refer to GNUTLS-SA-2017-1 and GNUTLS-SA-2017-
> > 2 for these
> > two issues.
> > 
> > regards,
> > Nikos
> > 
> 
> Was there a 3.4.x release for SA 2017-1/2?  I see 3.3.x and 3.5.x
> however no 3.4.x.  Is 3.4.x not affected by the two SAs?

Hi,
 The 3.4.x releases are indeed affected, however 3.5.8 is a drop-in
replacement and you can use that release instead. My goal with that is
to reduce the cost of maintaining overlapping/fully compatible release
branches.

regards,
Nikos