[gnutls-devel] GnuTLS | Fix double free during gnutls_pkcs7_verify (!1615)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sat Jul 23 01:50:44 CEST 2022

Daiki Ueno started a new discussion on NEWS: https://gitlab.com/gnutls/gnutls/-/merge_requests/1615#note_1036090604

>  * Version 3.7.7 (unreleased)
> +** libgnutls: Fixed double free during verification of pkcs7 signatures.
> +   Reported by Jaak Ristioja (#1383). CVE code has been allocated for
> +   this vulnerability: [CVE-2022-2509]

Let's assess the CVSS score using the [calculator](https://www.first.org/cvss/calculator/), and also assign our own SA like [this](https://gitlab.com/gnutls/gnutls/-/blob/e80b334563d648d86d654346ad49b1010974e7ad/NEWS#L266) so we can [list](https://www.gnutls.org/security-new.html) it.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1615#note_1036090604
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220722/ae217c16/attachment.html>

More information about the Gnutls-devel mailing list