CVE-2019-3836 (retired)

Priority
Description
It was discovered in gnutls before version 3.6.7 upstream that there is an
uninitialized pointer access in gnutls versions 3.6.3 or later which can be
triggered by certain post-handshake messages.
Notes
 mdeslaur> 3.6.4 and later
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (3.6.7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Ubuntu 18.10 (Cosmic Cuttlefish):released (3.6.4-2ubuntu1.2)
Ubuntu 19.04 (Disco Dingo):released (3.6.5-2ubuntu1.1)
Ubuntu 19.10 (Eoan):not-affected (3.6.7-2ubuntu3)
Patches:
Upstream:https://gitlab.com/gnutls/gnutls/commit/96e07075e8f105b13e76b11e493d5aa2dd937226 (3.6)
More Information

Updated: 2019-05-30 14:14:54 UTC (commit 2492ca94c8fbbb725eafe4918306eefa2ecce77a)