diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-03-05 18:06:42 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-03-05 18:06:42 +0100 |
commit | 6e4b9371f95d3e331ebcd989b61e2a04bcad0f13 (patch) | |
tree | 22eb8db90b01d4d85bfbf0a1886d755df4b9da60 | |
parent | efa1251cc197239a36eca48fd204afae41b05994 (diff) | |
download | gnutls-6e4b9371f95d3e331ebcd989b61e2a04bcad0f13.tar.gz |
doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r-- | NEWS | 9 |
1 files changed, 7 insertions, 2 deletions
@@ -9,13 +9,18 @@ See the end for copying conditions. ** libgnutls: Addressed integer overflow resulting to invalid memory write in OpenPGP certificate parsing. Issue found using oss-fuzz project: - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 [GNUTLS-SA-2017-3A] ** libgnutls: Addressed crashes in OpenPGP certificate parsing, related to private key parser. No longer allow OpenPGP certificates (public keys) to contain private key sub-packets. Issue found using oss-fuzz project: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354 - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360 [GNUTLS-SA-2017-3B] + +** libgnutls: Addressed large allocation in OpenPGP certificate parsing, that + could lead in out-of-memory condition. Issue found using oss-fuzz project, + and was fixed by Alex Gaynor: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392 [GNUTLS-SA-2017-3C] ** API and ABI modifications: No changes since last version. |