| Message ID | 20170306145506.4673-1-gustavo@zacarias.com.ar |
|---|---|
| State | Accepted |
| Headers | show |
Hello, On Mon, 6 Mar 2017 11:55:06 -0300, Gustavo Zacarias wrote: > Fixes: > GNUTLS-SA-2017-3A - Addressed integer overflow resulting to invalid > memory write in OpenPGP certificate parsing. > GNUTLS-SA-2017-3B - Addressed crashes in OpenPGP certificate parsing, > related to private key parser. No longer allow OpenPGP certificates > (public keys) to contain private key sub-packets. > GNUTLS-SA-2017-3C - Addressed large allocation in OpenPGP certificate > parsing, that could lead in out-of-memory condition. > > Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> > --- > package/gnutls/gnutls.hash | 2 +- > package/gnutls/gnutls.mk | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) Applied to master, thanks. Peter: we want this one for LTS I guess. Thomas
>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni@free-electrons.com> writes: > Hello, > On Mon, 6 Mar 2017 11:55:06 -0300, Gustavo Zacarias wrote: >> Fixes: >> GNUTLS-SA-2017-3A - Addressed integer overflow resulting to invalid >> memory write in OpenPGP certificate parsing. >> GNUTLS-SA-2017-3B - Addressed crashes in OpenPGP certificate parsing, >> related to private key parser. No longer allow OpenPGP certificates >> (public keys) to contain private key sub-packets. >> GNUTLS-SA-2017-3C - Addressed large allocation in OpenPGP certificate >> parsing, that could lead in out-of-memory condition. >> >> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> >> --- >> package/gnutls/gnutls.hash | 2 +- >> package/gnutls/gnutls.mk | 2 +- >> 2 files changed, 2 insertions(+), 2 deletions(-) > Applied to master, thanks. Peter: we want this one for LTS I guess. Committed to 2017.02.x, thanks.
diff --git a/package/gnutls/gnutls.hash b/package/gnutls/gnutls.hash index 156d2aa..64b86d7 100644 --- a/package/gnutls/gnutls.hash +++ b/package/gnutls/gnutls.hash @@ -1,2 +1,2 @@ # Locally calculated after checking pgp signature -sha256 82b10f0c4ef18f4e64ad8cef5dbaf14be732f5095a41cf366b4ecb4050382951 gnutls-3.5.9.tar.xz +sha256 af443e86ba538d4d3e37c4732c00101a492fe4b56a55f4112ff0ab39dbe6579d gnutls-3.5.10.tar.xz diff --git a/package/gnutls/gnutls.mk b/package/gnutls/gnutls.mk index 932c0fa..be1cf00 100644 --- a/package/gnutls/gnutls.mk +++ b/package/gnutls/gnutls.mk @@ -5,7 +5,7 @@ ################################################################################ GNUTLS_VERSION_MAJOR = 3.5 -GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).9 +GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).10 GNUTLS_SOURCE = gnutls-$(GNUTLS_VERSION).tar.xz GNUTLS_SITE = ftp://ftp.gnutls.org/gcrypt/gnutls/v$(GNUTLS_VERSION_MAJOR) GNUTLS_LICENSE = LGPLv2.1+ (core library), GPLv3+ (gnutls-openssl library)
Fixes: GNUTLS-SA-2017-3A - Addressed integer overflow resulting to invalid memory write in OpenPGP certificate parsing. GNUTLS-SA-2017-3B - Addressed crashes in OpenPGP certificate parsing, related to private key parser. No longer allow OpenPGP certificates (public keys) to contain private key sub-packets. GNUTLS-SA-2017-3C - Addressed large allocation in OpenPGP certificate parsing, that could lead in out-of-memory condition. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> --- package/gnutls/gnutls.hash | 2 +- package/gnutls/gnutls.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)