Hi On Sun, Mar 05, 2017 at 07:08:08PM +0100, Andreas Metzler wrote: > Package: release.debian.org > Severity: normal > Tags: jessie > User: release.debian....@packages.debian.org > Usertags: pu > > Hello, > > I would like fix a number of minor issues in GnuTLS.
Would still be great to see that in the next point release. Note there is one more CVE in meanwhile assigned: > Most of these (notably CVE-2017-533[4567]) are related to the PGP > support, security does not intend to issue a DSA: > + 55_13_cdk_pkt_read-enforce-packet-limits.patch Addressed integer > overflow resulting to invalid memory write in OpenPGP certificate > parsing. Issue found using oss-fuzz project: > https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 > [GNUTLS-SA-2017-3A] This one got CVE-2017-7869 assigned, cf. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7869 Regards, Salvatore
