|
From: | Simon Josefsson |
Subject: | Re: The _gnutls_x509_verify_certificate fix |
Date: | Wed, 12 Nov 2008 11:16:08 +0100 |
User-agent: | Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.60 (gnu/linux) |
Simon Josefsson <address@hidden> writes: >> Applying this to 2.4.2 this does away with the crash, however it does >> not fix the advisory anymore. (The way to reproduce described in >> http://news.gmane.org/find-root.php?message_id=%3c4918143A.3050103%40gmx.net%3e >> works again. > > Really? I think the patch should solve both the crash and the > advisory. Are you sure you used the right library? I've tested the patch and it appears to fix both the crash and the vulnerability. Please test it again. I've prepared a daily build of v2.6.2 containing that fix: http://daily.josefsson.org/gnutls-2.6/gnutls-2.6-20081112.tar.gz /Simon
[Prev in Thread] | Current Thread | [Next in Thread] |