Bug
Resolution: Fixed
Severe (Ebuild)
We'd like to update from 3.3.9 to 3.3.10, which includes a bug fix on the current and old stable branches [3.3.9 is the stable branch]. Sean Burford reported that the encoding of elliptic curve parameters in GnuTLS 3 is vulnerable to a denial of service (heap corruption). It affects clients and servers which print information about the peer's public key, e.g., the key ID, and can be exploited via a specially crafted X.509 certificate; this is resolved in 3.3.9. Severity isn't critical, but I feel it's paramount we update right away.