diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-01 10:45:08 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-01 10:45:08 +0100 |
commit | c8fdf14e59bfc4e1e85b12d489a0eb892c94b3b4 (patch) | |
tree | 9c2aad9db2a7313080158a706afff3fb330b9b4c | |
parent | 9fe2b08714ac25a079f58790fd577b156bf5bf93 (diff) | |
download | gnutls-c8fdf14e59bfc4e1e85b12d489a0eb892c94b3b4.tar.gz |
doc updatetmp-gnutls_3_3_x-even-more-openpgp-fixes
-rw-r--r-- | NEWS | 11 |
1 files changed, 9 insertions, 2 deletions
@@ -7,8 +7,15 @@ See the end for copying conditions. ** libgnutls: read the pin-value attribute if the p11-kit version allows it. -** libgnutls: Addressed invalid memory access in OpenPGP certificate parsing. - (issue found using oss-fuzz project) +** libgnutls: Addressed integer overflow resulting to invalid memory write + in OpenPGP certificate parsing. Issue found using oss-fuzz project: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 + +** libgnutls: Addressed crashes in OpenPGP certificate parsing, related + to private key parser. No longer allow OpenPGP certificates (public keys) + to contain private key sub-packets. Issue found using oss-fuzz project: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360 ** API and ABI modifications: No changes since last version. |