--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/gnutls/patches/08-cve-2014-3466.patch Wed Apr 08 10:31:09 2015 -0700
@@ -0,0 +1,22 @@
+Source:
+http://www.gnutls.org/security.html
+Info:
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466
+Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in
+GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote
+servers to cause a denial of service (memory corruption) or possibly execute
+arbitrary code via a long session id in a ServerHello message.
+Status:
+Need to determine if this patch has been sent upstream.
+
+--- gnutls-2.8.6/lib/gnutls_handshake.c.orig 2014-06-05 10:04:17.494148857 +0530
++++ gnutls-2.8.6/lib/gnutls_handshake.c 2014-06-05 10:05:44.462058226 +0530
+@@ -1518,7 +1518,7 @@ _gnutls_read_server_hello (gnutls_sessio
+ DECR_LEN (len, 1);
+ session_id_len = data[pos++];
+
+- if (len < session_id_len)
++ if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
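Review bot: The patch header's `Status: Need to determine if this patch has been sent upstream.` contradicts the Info lines, which point at the upstream GnuTLS advisory for CVE-2014-3466 fixed in 3.1.25/3.2.15/3.3.4, so this reads as a backport of the upstream fix onto gnutls-2.8.6 rather than a local change awaiting submission. Recording the commit it was taken from in the header (e.g. `Upstream: <UPSTREAM-COMMIT-ID>`) would make the Status line accurate and lets the patch be dropped at the next rebase. The added bound `session_id_len > TLS_MAX_SESSION_ID_SIZE` is the right guard, assuming that macro is defined in the 2.8.6 tree; the session-id copy it protects is further down in `_gnutls_read_server_hello`, which continues past the end of the hunk, so the bound's sufficiency cannot be confirmed from these lines alone.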