AVG-945 log

Package gnutls
Status Fixed
Severity Critical
Type multiple issues
Affected 3.6.6-3
Fixed 3.6.7-1
Current 3.8.8-1 [core-testing]
3.8.7-1 [core]
Ticket None
Created Fri Mar 29 17:24:57 2019
Issue Severity Remote Type Description
CVE-2019-3836 Medium Yes Denial of service
An invalid pointer access via malformed TLS1.3 async messages has been found in GnuTLS versions prior to 3.6.7.
CVE-2019-3829 Critical Yes Arbitrary code execution
A critical memory corruption vulnerability has been found in GnuTLS versions prior to 3.6.7, in any API backed by verify_crt(), including...
Date Advisory Package Type
05 Apr 2019 ASA-201904-2 gnutls multiple issues
References
https://lists.gnupg.org/pipermail/gnutls-help/2019-March/004497.html