2
Candidate: CVE-2008-1949
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1949
5
https://usn.ubuntu.com/usn/usn-613-1
7
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls
8
in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello
9
messages within a TLS message after one has already been processed, which
10
allows remote attackers to cause a denial of service (NULL dereference and
11
crash) via a TLS message containing multiple Client Hello messages, aka
21
upstream_gnutls26: released (2.2.5)
26
devel_gnutls26: not-affected (2.2.5-1)
29
upstream_gnutls13: needs-triage
31
feisty_gnutls13: released (1.4.4-3ubuntu0.1)
32
gutsy_gnutls13: released (1.6.3-1ubuntu0.1)
33
hardy_gnutls13: released (2.0.4-1ubuntu2.1)
34
devel_gnutls13: released (2.0.4-1ubuntu3)
37
upstream_gnutls12: needs-triage
38
dapper_gnutls12: released (1.2.9-2ubuntu1.2)