Control: forwarded -1 https://gitlab.com/gnutls/gnutls/issues/158
On 2016-12-31 "Bernhard R. Link" <[email protected]> wrote:
> Package: libgnutls30
> Version: 3.5.7-3
> Severity: normal
> Tags: security
>
> This bug report is not about wrong behavior if libgnutls is called
> correctly but rather about dangerous behaviour if the caller is using
> libgnutls incorrectly.
>
> If a handshake has not yet completed (the caller ignoring
> gnutls_handshake return code or the caller having a bug in the handling
> of GNUTLS_E_AGAIN) then telling libgnutls to send data causes it to send
> it unencrypted. Unless there are cases where this might be useful, I think a
> security relevant library like libgnutls should rather catch this
> mistake and avoid sending stuff unencrypted.
[...]

Hello,

This has been fixed in GnuTLS GIT master and is scheduled for 3.6.x.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin.
His other friends are so grateful to you.'
`I sew his ears on from time to time, sure'
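A caller-side guard against the mistake described in the report, as an added example that is not part of the original messages or of GnuTLS itself. The `stub_*` functions and `HS_*`/`ERR_NOT_READY` constants are hypothetical stand-ins for `gnutls_handshake`, `gnutls_record_send` and `GNUTLS_E_AGAIN`, so the block runs without the library.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for GnuTLS return codes; values are local to this example. */
enum { HS_OK = 0, HS_AGAIN = -1, HS_FATAL = -2, ERR_NOT_READY = -100 };

/* Constructed stub session: the handshake needs rounds_left more calls to finish. */
struct stub_tls { int rounds_left; int fail; size_t sent_encrypted; };

static int stub_handshake(struct stub_tls *s) {
    if (s->fail) return HS_FATAL;
    if (s->rounds_left > 0) { s->rounds_left--; return HS_AGAIN; }
    return HS_OK;
}

static long stub_send(struct stub_tls *s, const void *buf, size_t len) {
    (void)buf;
    s->sent_encrypted += len;
    return (long)len;
}

/* Caller-side guard: records whether the handshake actually completed. */
struct guarded { struct stub_tls *tls; int established; };

/* Retry while the handshake reports "again"; only HS_OK marks the channel usable. */
int guarded_handshake(struct guarded *g, int max_tries) {
    int rc = HS_AGAIN;
    while (rc == HS_AGAIN && max_tries-- > 0) {
        rc = stub_handshake(g->tls);   /* real code would poll() the socket here */
    }
    if (rc == HS_OK) g->established = 1;
    return rc;
}

/* Fail closed: application data never reaches the TLS layer before completion. */
long guarded_send(struct guarded *g, const void *buf, size_t len) {
    if (!g->established) return ERR_NOT_READY;
    return stub_send(g->tls, buf, len);
}

int main(void) {
    struct stub_tls tls = { 2, 0, 0 };
    struct guarded g = { &tls, 0 };
    printf("handshake (1 try): %d\n", guarded_handshake(&g, 1));
    printf("send before completion: %ld\n", guarded_send(&g, "hello", 5));
    printf("handshake (retry): %d\n", guarded_handshake(&g, 5));
    printf("send after completion: %ld\n", guarded_send(&g, "hello", 5));
    return 0;
}
```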

