Re: [gnutls-devel] fixes on 3.3.x gnutls branch, why not this one?
On Sun, 2017-03-05 at 16:20 +0100, Andreas Metzler wrote:
> is there a reason why this patch was cherrypicked for the 3.5.x
> branch but not for 3.3.x?
> opencdk: read_attribute: account buffer size
> That ensures that there is no read past the end of buffer.
> Resolves the oss-fuzz found bug:
Hi, I didn't consider it severe enough to backport it. My understanding
is that this is a read past the end of buffer, and cannot be exploited
for a denial of service or otherwise. Let me know if I'm wrong.