PublicDate: 2008-05-21 13:24:00 UTC
Candidate: CVE-2008-1950
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1950
 https://ubuntu.com/security/notices/USN-613-1
Description:
 Integer signedness error in the _gnutls_ciphertext2compressed function in
 lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote
 attackers to cause a denial of service (buffer over-read and crash) via a
 certain integer value in the Random field in an encrypted Client Hello
 message within a TLS record with an invalid Record Length, which leads to
 an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: kees
CVSS: 

Patches_gnutls26:
upstream_gnutls26: released (2.2.5)
dapper_gnutls26: DNE
feisty_gnutls26: DNE
gutsy_gnutls26: DNE
hardy_gnutls26: DNE
devel_gnutls26: not-affected (2.2.5-1)

Patches_gnutls13:
upstream_gnutls13: needs-triage
dapper_gnutls13: DNE
feisty_gnutls13: released (1.4.4-3ubuntu0.1)
gutsy_gnutls13: released (1.6.3-1ubuntu0.1)
hardy_gnutls13: released (2.0.4-1ubuntu2.1)
devel_gnutls13: released (2.0.4-1ubuntu3)

Patches_gnutls12:
upstream_gnutls12: needs-triage
dapper_gnutls12: released (1.2.9-2ubuntu1.2)
feisty_gnutls12: DNE
gutsy_gnutls12: DNE
hardy_gnutls12: DNE
devel_gnutls12: DNE