- Version 3.5.8 (released 2016-01-09)
  * libgnutls: Ensure that multiple calls to the gnutls_set_priority_*
    functions will not leave the verification profiles field to an
    undefined state. The last call will take precedence.
  * libgnutls: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned
    by PKCS#8 decryption functions when an invalid key is provided. This
    addresses regression on decrypting certain PKCS#8 keys.
  * libgnutls: Introduced option to override the default priority string
    used by the library. The intention is to allow support of system-wide
    priority strings (as set with --with-system-priority-file). The
    configure option is --with-default-priority-string.
  * libgnutls: Require a valid IV size on all ciphers for PKCS#8 decryption.
    This prevents crashes when decrypting malformed PKCS#8 keys.
  * libgnutls: Fix crash on the loading of malformed private keys with certain
    parameters set to zero.
  * libgnutls: Fix double free in certificate information printing. If the PKIX
    extension proxy was set with a policy language set but no policy specified,
    that could lead to a double free.
  * libgnutls: Addressed memory leaks in client and server side error paths
    (issues found using oss-fuzz project)
  * libgnutls: Addressed memory leaks in X.509 certificate printing error paths
    (issues found using oss-fuzz project)
  * libgnutls: Addressed memory leaks and an infinite loop in OpenPGP certificate
    parsing. Fixes by Alex Gaynor. (issues found using oss-fuzz project)
  * libgnutls: Addressed invalid memory accesses in OpenPGP certificate parsing.
    (issues found using oss-fuzz project)
- security issues fixed: GNUTLS-SA-2017-1 GNUTLS-SA-2017-2

• Files Changed
• Browse Source