Control: tags -1 + pending On Thu, 2017-04-27 at 18:29 +0200, Andreas Metzler wrote: > On 2017-04-27 "Adam D. Barratt" <a...@adam-barratt.org.uk> wrote: > > On Mon, 2017-03-06 at 19:24 +0100, Andreas Metzler wrote: > [...] > >> upstream has now released 3.5.10/3.3.27 including these fixes and > >> another one on top: > >> + 55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch > >> Addressed large allocation in OpenPGP certificate parsing, that > >> could > >> lead in out-of-memory condition. Issue found using oss-fuzz > >> project, and > >> was fixed by Alex Gaynor: > >> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392 > >> [GNUTLS-SA-2017-3C] > >> > >> Updated diff for jessie attached. > > > Please go ahead; thanks. > > Thanks, uploaded with the new CVE number mentioned in changelog.
Flagged for acceptance into p-u. Regards, Adam
