On 2017-04-27 "Adam D. Barratt" <a...@adam-barratt.org.uk> wrote: > On Mon, 2017-03-06 at 19:24 +0100, Andreas Metzler wrote: [...] >> upstream has now released 3.5.10/3.3.27 including these fixes and >> another one on top: >> + 55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch >> Addressed large allocation in OpenPGP certificate parsing, that could >> lead in out-of-memory condition. Issue found using oss-fuzz project, >> and >> was fixed by Alex Gaynor: >> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392 >> [GNUTLS-SA-2017-3C] >> >> Updated diff for jessie attached.
> Please go ahead; thanks. Thanks, uploaded with the new CVE number mentioned in changelog. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
