CVE-2019-3829 (retired)

Priority
Description
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A
memory corruption (double free) vulnerability in the certificate
verification API. Any client or server application that verifies X.509
certificates with GnuTLS 3.5.8 or later is affected.
Notes
 mdeslaur> 3.5.8 or later
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (3.6.7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):released (3.5.18-1ubuntu1.1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (3.6.4-2ubuntu1.2)
Ubuntu 19.04 (Disco Dingo):released (3.6.5-2ubuntu1.1)
Ubuntu 19.10 (Eoan):not-affected (3.6.7-2ubuntu3)
Patches:
Upstream:https://gitlab.com/gnutls/gnutls/commit/d39778e43d1674cb3ab3685157fd299816d535c0 (3.6)
Upstream:https://gitlab.com/gnutls/gnutls/commit/372821c883a3d36ed3ed683844ad9d90818f6392 (3.6)
Upstream:https://gitlab.com/gnutls/gnutls/commit/6b5cbc9ea5bdca704bdbe2f8fb551f720d634bc6 (3.6)
Upstream:https://gitlab.com/gnutls/gnutls/commit/ad27713bef613e6c4600a0fb83ae48c6d390ff5b (3.6 test)
More Information

Updated: 2019-05-30 14:14:53 UTC (commit 2492ca94c8fbbb725eafe4918306eefa2ecce77a)