Re: gnutls package may be vulnerable to CVE-2021-20232

2021-03-13 Thread zimoun
Hi Léo,

On Sat, 13 Mar 2021 at 11:50, Léo Le Bouter wrote:
> On Sat, 2021-03-13 at 05:12 -0500, Mark H Weaver wrote:
>> For what it's worth, I think that would be a more
>> appropriate place to send these bug reports. What do you think?
>
> I don't know, it seems people read guix-devel more ma

Re: gnutls package may be vulnerable to CVE-2021-20232

2021-03-13 Thread Léo Le Bouter
On Sat, 2021-03-13 at 05:12 -0500, Mark H Weaver wrote:
> I pushed fixes for this and CVE-2021-20231 to 'master' in commit
> 74e2c0e00f58c8bf948f7dc7c5ae2876af910d5a.

Thank you, I would otherwise have done it, I was waiting for an answer from upstream first, or some time.

> For what it's worth, I

Re: gnutls package may be vulnerable to CVE-2021-20232

2021-03-13 Thread Mark H Weaver
Léo Le Bouter writes:
> CVE-2021-20232 12.03.21 20:15
> A flaw was found in gnutls. A use after free issue in
> client_send_params in lib/ext/pre_shared_key.c may lead to memory
> corruption and other potential consequences.

I pushed fixes for this and CVE-2021-20231 to 'master' in commit

gnutls package may be vulnerable to CVE-2021-20232

2021-03-12 Thread Léo Le Bouter
CVE-2021-20232 12.03.21 20:15 A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. It is not certain whether 3.6.x series are affected as packaged in GNU Guix. I asked the upstream at <