- Version 3.2.15 (released 2014-05-30)
  
  ** libgnutls: Eliminated memory corruption issue in Server Hello parsing.
  Issue reported by Joonas Kuorilehto of Codenomicon. (CVE-2014-3466 / bnc#880730)
  ** libgnutls: Several memory leaks caused by error conditions were
  fixed. The leaks were identified using valgrind and the Codenomicon
  TLS test suite.
  ** libgnutls: Increased the maximum certificate size buffer
  in the PKCS #11 subsystem.
  ** libgnutls: Check the return code of getpwuid_r() instead of relying
  on the result value. That avoids issue in certain systems, when using
  tofu authentication and the home path cannot be determined. Issue reported
  by Viktor Dukhovni.
  ** gnutls-cli: if dane is requested but not PKIX verification, then
  only do verify the end certificate.
  ** ocsptool: Include path in ocsp request. This resolves #108582
  (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen.
- Version 3.2.14 (released 2014-05-06)
  ** libgnutls: Fixed issue with the check of incoming data when two
  different recv and send pointers have been specified. Reported and
  investigated by JMRecio.
  ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would 
  result to illegal memory access if a server hint was provided.
  ** libgnutls: Fixed client memory leak in the PSK key exchange, if a
  server hint was provided.
  ** libgnutls: Several small bug fixes identified using valgrind and
  the Codenomicon TLS test suite.
  ** libgnutls: Several small bug fixes found by coverity.
  ** libgnutls-dane: Accept a certificate using DANE if there is at least one 
  entry that matches the certificate. Patch by simon [at] arlott.org.

• Files Changed
• Browse Source