Candidate: CVE-2013-4487
PublicDate: 2013-11-20 14:12:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4487
 http://www.openwall.com/lists/oss-security/2013/10/31
Description:
 Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in
 GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to
 cause a denial of service (memory corruption) via a response with more than
 four DANE entries. NOTE: this issue is due to an incomplete fix for
 CVE-2013-4466.
Ubuntu-Description:
Notes:
 mdeslaur> off by one in fix for CVE-2013-4466
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_gnutls28:
upstream_gnutls28: released (3.1.16,3.2.6)
lucid_gnutls28: DNE
precise_gnutls28: not-affected
quantal_gnutls28: not-affected
raring_gnutls28: not-affected
saucy_gnutls28: ignored (reached end-of-life)
trusty_gnutls28: not-affected (3.2.11-2ubuntu1)
trusty/esm_gnutls28: DNE (trusty was not-affected [3.2.11-2ubuntu1])
devel_gnutls28: not-affected (3.2.11-2ubuntu1)