Re: gnutls package may be vulnerable to CVE-2021-20232

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gnutls package may be vulnerable to CVE-2021-20232

From:	Mark H Weaver
Subject:	Re: gnutls package may be vulnerable to CVE-2021-20232
Date:	Sat, 13 Mar 2021 05:12:41 -0500

Léo Le Bouter <lle-bout@zaclys.net> writes:

> CVE-2021-20232        12.03.21 20:15
> A flaw was found in gnutls. A use after free issue in
> client_send_params in lib/ext/pre_shared_key.c may lead to memory
> corruption and other potential consequences.

I pushed fixes for this and CVE-2021-20231 to 'master' in commit
74e2c0e00f58c8bf948f7dc7c5ae2876af910d5a.

For what it's worth, I think that <bug-guix@gnu.org> would be a more
appropriate place to send these bug reports.  What do you think?

     Thanks,
       Mark

[Prev in Thread]

Current Thread

[Next in Thread]

gnutls package may be vulnerable to CVE-2021-20232, Léo Le Bouter, 2021/03/12
- Re: gnutls package may be vulnerable to CVE-2021-20232, Mark H Weaver <=
  - Re: gnutls package may be vulnerable to CVE-2021-20232, Léo Le Bouter, 2021/03/13
    - Re: gnutls package may be vulnerable to CVE-2021-20232, zimoun, 2021/03/13

Prev by Date: Re: guix environment --profile with --ad-hoc
Next by Date: Re: gnutls package may be vulnerable to CVE-2021-20232
Previous by thread: gnutls package may be vulnerable to CVE-2021-20232
Next by thread: Re: gnutls package may be vulnerable to CVE-2021-20232
Index(es):
- Date
- Thread