[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: gnutls package may be vulnerable to CVE-2021-20232
From: |
Mark H Weaver |
Subject: |
Re: gnutls package may be vulnerable to CVE-2021-20232 |
Date: |
Sat, 13 Mar 2021 05:12:41 -0500 |
Léo Le Bouter <lle-bout@zaclys.net> writes:
> CVE-2021-20232 12.03.21 20:15
> A flaw was found in gnutls. A use after free issue in
> client_send_params in lib/ext/pre_shared_key.c may lead to memory
> corruption and other potential consequences.
I pushed fixes for this and CVE-2021-20231 to 'master' in commit
74e2c0e00f58c8bf948f7dc7c5ae2876af910d5a.
For what it's worth, I think that <bug-guix@gnu.org> would be a more
appropriate place to send these bug reports. What do you think?
Thanks,
Mark