CVE-2019-3836

Priority
Description
It was discovered in gnutls before version 3.6.7 upstream that there is an
uninitialized pointer access in gnutls versions 3.6.3 or later which can be
triggered by certain post-handshake messages.
Assigned-to
mdeslaur
Notes
mdeslaur3.6.4 and later
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Package
Upstream:released (3.6.7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Ubuntu 19.10 (Eoan Ermine):not-affected (3.6.7-2ubuntu3)
Patches:
Upstream:https://gitlab.com/gnutls/gnutls/commit/96e07075e8f105b13e76b11e493d5aa2dd937226 (3.6)
More Information

Updated: 2020-01-29 20:05:17 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)