[gnutls-devel] web-pages | add notes from 3.7.7 release (!5)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Jul 29 02:43:05 CEST 2022




Daiki Ueno started a new discussion on security-entries/GNUTLS-SA-2022-07-07: https://gitlab.com/gnutls/web-pages/-/merge_requests/5#note_1043410592

> +    <td>N/A</td>
> +    <td>Severity Medium; memory corruption</td>
> +    <td>When gnutls_pkcs7_verify cannot verify signature against given trust list, it starts creating a chain of certificates starting from identified signer up to known root. During the creation of this chain the signer certificate gets freed which results in double free when the same signer certificate is freed at the end of the algorithm. The issue was reported in the issue tracker as <a href="https://gitlab.com/gnutls/gnutls/-/issues/1383">#1383</a>.<br/>

Can we mention affected versions?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/5#note_1043410592
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220729/ff3b2850/attachment.html>


More information about the Gnutls-devel mailing list