Control: tags -1 + confirmed

On Mon, 2017-03-06 at 19:24 +0100, Andreas Metzler wrote:
> On 2017-03-05 Andreas Metzler <ametz...@bebt.de> wrote:
> [...]
> > I would like to fix a number of minor issues in GnuTLS.
> >
> > Most of these (notably CVE-2017-533[4567]) are related to the PGP
> > support, security does not intend to issue a DSA:
> [...]
>
> Hello,
>
> upstream has now released 3.5.10/3.3.27 including these fixes and
> another one on top:
> + 55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch
>   Addressed large allocation in OpenPGP certificate parsing, that could
>   lead in out-of-memory condition. Issue found using oss-fuzz project,
>   and was fixed by Alex Gaynor:
>   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
>   [GNUTLS-SA-2017-3C]
>
> Updated diff for jessie attached.

Please go ahead; thanks.

Regards,

Adam