CVE-2019-3829

Priority
Description
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A
memory corruption (double free) vulnerability in the certificate
verification API. Any client or server application that verifies X.509
certificates with GnuTLS 3.5.8 or later is affected.
Assigned-to
mdeslaur
Notes
mdeslaur3.5.8 or later
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Package
Upstream:released (3.6.7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):released (3.5.18-1ubuntu1.1)
Ubuntu 19.10 (Eoan Ermine):not-affected (3.6.7-2ubuntu3)
Patches:
Upstream:https://gitlab.com/gnutls/gnutls/commit/d39778e43d1674cb3ab3685157fd299816d535c0 (3.6)
Upstream:https://gitlab.com/gnutls/gnutls/commit/372821c883a3d36ed3ed683844ad9d90818f6392 (3.6)
Upstream:https://gitlab.com/gnutls/gnutls/commit/6b5cbc9ea5bdca704bdbe2f8fb551f720d634bc6 (3.6)
Upstream:https://gitlab.com/gnutls/gnutls/commit/ad27713bef613e6c4600a0fb83ae48c6d390ff5b (3.6 test)
More Information

Updated: 2020-01-29 20:05:17 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)