Candidate: CVE-2013-4466
PublicDate: 2013-11-20 14:12:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4466
 http://www.gnutls.org/security.html#GNUTLS-SA-2013-3
Description:
 Buffer overflow in the dane_query_tlsa function in the DANE library
 (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows
 remote servers to cause a denial of service (memory corruption) via a
 response with more than four DANE entries.
Ubuntu-Description:
Notes:
 mdeslaur> only affects 3.1.x and 3.2.x
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727660
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_gnutls26:
upstream_gnutls26: needs-triage
lucid_gnutls26: not-affected
precise_gnutls26: not-affected
quantal_gnutls26: not-affected
raring_gnutls26: not-affected
saucy_gnutls26: not-affected
trusty_gnutls26: not-affected
trusty/esm_gnutls26: not-affected
devel_gnutls26: not-affected

Patches_gnutls28:
upstream_gnutls28: released (3.1.15,3.2.5)
lucid_gnutls28: DNE
precise_gnutls28: not-affected (3.0.11-1ubuntu2)
quantal_gnutls28: not-affected (3.0.21-1ubuntu1)
raring_gnutls28: not-affected (3.0.22-2ubuntu1)
saucy_gnutls28: ignored (reached end-of-life)
trusty_gnutls28: not-affected (3.2.11-2ubuntu1)
trusty/esm_gnutls28: DNE (trusty was not-affected [3.2.11-2ubuntu1])
devel_gnutls28: not-affected (3.2.11-2ubuntu1)