CVE-2019-3836

Priority
Description
It was discovered in gnutls before version 3.6.7 upstream that there is an
uninitialized pointer access in gnutls versions 3.6.3 or later which can be
triggered by certain post-handshake messages.
Assigned-to
mdeslaur
Notes
mdeslaur3.6.4 and later
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Package
Upstream:released (3.6.7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Ubuntu 19.10 (Eoan Ermine):not-affected (3.6.7-2ubuntu3)
Patches:
Upstream:https://gitlab.com/gnutls/gnutls/commit/96e07075e8f105b13e76b11e493d5aa2dd937226 (3.6)
More Information

Updated: 2020-03-18 22:54:34 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)