author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2016-06-09 19:01:49 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2016-06-09 19:01:49 +0200
commit: 2f0577890a16fc410cc3b36f5f5115268866b79c
tree: e2d561efeadf80cad4db5bf09aa9e5e934ded282
parent: 0cbe8102b64f6e5f1fa5c317dd60991f0853132e
added info on CVE-2016-4456 and remove CVE-2015-7575 ref as it was nss-specific
-rw-r--r-- security-entries/GNUTLS-SA-2015-2 | 3
-rw-r--r-- security-entries/GNUTLS-SA-2016-1 | 2
-rw-r--r-- security.html | 8
3 files changed, 6 insertions, 7 deletions
diff --git a/security-entries/GNUTLS-SA-2015-2 b/security-entries/GNUTLS-SA-2015-2
index 192dfb7809..de8dcc60d2 100644
--- a/security-entries/GNUTLS-SA-2015-2
+++ b/security-entries/GNUTLS-SA-2015-2
@@ -1,6 +1,5 @@
<td><a href="http://seclists.org/oss-sec/2015/q3/374">
- No CVE assigned</a> (May 2015), <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575">
- CVE-2015-7575</a> (January 2016)
+ No CVE assigned</a>
</td>
<td>ServerKeyExchange signature issue</td>
<td><a
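Review bot: the replacement line `No CVE assigned</a>` drops the "(May 2015)" date together with the CVE-2015-7575 reference, although that date sat next to the oss-sec link and not next to the removed CVE. If the date is still meant to be shown for this entry, keep it on the new line: `No CVE assigned</a> (May 2015)`.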
diff --git a/security-entries/GNUTLS-SA-2016-1 b/security-entries/GNUTLS-SA-2016-1
index ef0623edd0..3a104ebafc 100644
--- a/security-entries/GNUTLS-SA-2016-1
+++ b/security-entries/GNUTLS-SA-2016-1
@@ -1,4 +1,4 @@
- <td>-</td>
+ <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4456">CVE-2016-4456</a></td>
<td>File overwrite by setuid programs</td>
<td>Setuid programs using GnuTLS 3.4.12 could potentially allow an attacker to overwrite
and corrupt arbitrary files in the filesystem. This issue was introduced in GnuTLS 3.4.12
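Review bot: only the identifier cell changes in this entry (the hunk is `@@ -1,4 +1,4 @@` and the diffstat counts 2 changed lines for this file), so the description here does not receive the GNUTLS_KEYLOGFILE, getenv() and secure_getenv() wording that the same commit adds to security.html. Apply the same description change to this file so the two copies of GNUTLS-SA-2016-1 do not diverge.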
diff --git a/security.html b/security.html
index c4f886d819..abb54587a6 100644
--- a/security.html
+++ b/security.html
@@ -80,11 +80,12 @@
<tr><th>Tag</th><th>Other identifiers</th><th>Severity</th><th>Information</th>
<tr>
<td><div class="emph-box" id="GNUTLS-SA-2016-1">GNUTLS-SA-2016-1</div></td>
- <td>-</td>
+ <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4456">CVE-2016-4456</a></td>
<td>File overwrite by setuid programs</td>
<td>Setuid programs using GnuTLS 3.4.12 could potentially allow an attacker to overwrite
and corrupt arbitrary files in the filesystem. This issue was introduced in GnuTLS 3.4.12
- and fixed in GnuTLS 3.4.13.
+ with the GNUTLS_KEYLOGFILE environment variable handling via getenv() and fixed
+ in GnuTLS 3.4.13 by switching to secure_getenv() where available.
<b>Recommendation:</b> Upgrade to GnuTLS 3.4.13, or later versions.</td>
</tr>
<tr>
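Review bot: "by switching to secure_getenv() where available" in the added description leaves open what GnuTLS 3.4.13 does on platforms that lack secure_getenv(). Say in the entry whether those builds still read GNUTLS_KEYLOGFILE through getenv() or ignore the variable, so readers on such platforms can tell whether the "Upgrade to GnuTLS 3.4.13" recommendation covers setuid programs for them.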
@@ -112,8 +113,7 @@
<tr>
<td><div class="emph-box" id="GNUTLS-SA-2015-2">GNUTLS-SA-2015-2</div></td>
<td><a href="http://seclists.org/oss-sec/2015/q3/374">
- No CVE assigned</a> (May 2015), <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575">
- CVE-2015-7575</a> (January 2016)
+ No CVE assigned</a>
</td>
<td>ServerKeyExchange signature issue</td>
<td><a
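Review bot: this row repeats the security-entries/GNUTLS-SA-2015-2 edit line for line, so whatever is decided for the entry file has to be made here by hand as well. If security.html can be generated from the files under security-entries/, that would remove the need to keep the two copies in step manually.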