[From nobody Fri May 22 22:51:07 2026 Received: (at 1135319-close) by bugs.debian.org; 22 May 2026 21:49:22 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 (2024-03-25) on buxtehude.debian.org X-Spam-Level: X-Spam-Status: No, score=-113.1 required=4.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FVGT_m_MULTI_ODD,HAS_BUG_NUMBER, MD5_SHA1_SUM,PGPSIGNATURE,RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS, USER_IN_DKIM_WELCOMELIST autolearn=ham autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 72; hammy, 150; neutral, 208; spammy, 0. spammytokens: hammytokens:0.000-+--HX-Debian:DAK, 0.000-+--H*rp:D*ftp-master.debian.org, 0.000-+--UD:debian.tar.xz, 0.000-+--H*r:sk:fasolo., 0.000-+--H*MI:fasolo Return-path: <envelope@ftp-master.debian.org> Received: from mitropoulos.debian.org ([2001:648:2ffc:deb:216:61ff:fe9d:958d]:41052) by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wQXkA-00GZ4I-19 for 1135319-close@bugs.debian.org; Fri, 22 May 2026 21:49:22 +0000 Received: via submission from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA, CN=fasolo.debian.org, EMAIL=hostmaster@fasolo.debian.org (verified) by mitropoulos.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wQXk8-006bws-1A for 1135319-close@bugs.debian.org; Fri, 22 May 2026 21:49:20 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Content-Type: Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID :Content-Description:In-Reply-To:References; bh=akoTXiBDUESwld1xRCbA1aLg2lkv4XvBHZolf3nVXvw=; b=UF7CzHNgV7JBSCL0Hoykra+8ON kfx3gCr2jAABY69eAO/ClWLreOMAA8LG2cpzWHEJnwuPd+Sqw45aNC0cL7OTzKidPZCV0+Fw+jBYx kORDf5j9+dRq7Eq+y2+pW+87Zx9t/7v8UEmwbTIYMxclJBqXhvVI0v7I8w6fyLkTlTTPpMtWgzEaq MRO2YyXrKiuA9ut9QkYuzrC/do2HJQpXkn98r6yGv9IBpyyVLGX0IOvJHOTMM+TeiFGjH0E+3OdN8 WT5a0itZmyp3hhck5HREnN6+E6rQLHuAg21PY/+1z9ZxEro0ztlKebDSusHWxrjxHHD137/+/kV/V wSQHNdUw==; Received: from dak by fasolo.debian.org with local (Exim 4.98.2) (envelope-from <envelope@ftp-master.debian.org>) id 1wQXk7-00000008ljS-0qVE; Fri, 22 May 2026 21:49:19 +0000 From: Debian FTP Masters <ftpmaster@ftp-master.debian.org> Reply-To: Andreas Metzler <ametzler@debian.org> To: 1135319-close@bugs.debian.org X-DAK: dak process-policy X-Debian: DAK X-Debian-Package: gnutls28 Debian: DAK Debian-Changes: gnutls28_3.7.9-2+deb12u7_multi.changes Debian-Source: gnutls28 Debian-Version: 3.7.9-2+deb12u7 Debian-Architecture: source Debian-Suite: oldstable-proposed-updates Debian-Archive-Action: accept MIME-Version: 1.0 Subject: Bug#1135319: fixed in gnutls28 3.7.9-2+deb12u7 Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="===============0761345805552373652==" Message-Id: <E1wQXk7-00000008ljS-0qVE@fasolo.debian.org> Date: Fri, 22 May 2026 21:49:19 +0000 --===============0761345805552373652== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Source: gnutls28 Source-Version: 3.7.9-2+deb12u7 Done: Andreas Metzler <ametzler@debian.org> We believe that the bug you reported is fixed in the latest version of gnutls28, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1135319@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Metzler <ametzler@debian.org> (supplier of updated gnutls28 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 15 May 2026 13:57:52 +0200 Source: gnutls28 Architecture: source Version: 3.7.9-2+deb12u7 Distribution: bookworm-security Urgency: high Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.o= rg> Changed-By: Andreas Metzler <ametzler@debian.org> Closes: 1135319 Changes: gnutls28 (3.7.9-2+deb12u7) bookworm-security; urgency=3Dhigh . * Cherry-pick fixes from 3.8.13 release for oldstable. + This includes fixes for these issues: CVE-2026-3833 CVE-2026-5260 CVE-2026-5419 CVE-2026-33845 CVE-2026-33846 CVE-2026-42009 CVE-2026-42010 CVE-2026-42011 CVE-2026-42012 CVE-2026-42013 CVE-2026-42014 CVE-2026-42015. + CVE-2026-3832 only applied to release 3.8.9 and later, no patch needed. + Patchset pulled from CentOS c8s (3.6.16), split into patchlets, unfuzz= ed, adapted for 3.7 (adds 72_0015_gnutls-3.6.16-1810-ocsp-truncated-eku.10.patch). Also added those patches from CentOS c9s (3.8.10) that are relevant for 3.7.9 (but where not for 3.6.16). Closes: #1135319 Checksums-Sha1:=20 39d8882c6435eb9c804a5b924bde5830b4ea3836 3421 gnutls28_3.7.9-2+deb12u7.dsc ca11670f3997c32da1e6b2c3a1069a500c35f8cb 164116 gnutls28_3.7.9-2+deb12u7.deb= ian.tar.xz Checksums-Sha256:=20 027b2f60e38add78ee611d099dbf34e977a6600d446cc39673534b736a182cb6 3421 gnutls= 28_3.7.9-2+deb12u7.dsc bcfcf396482ce7635df255abeff1c811321a84f016c95677db28f56908b25595 164116 gnut= ls28_3.7.9-2+deb12u7.debian.tar.xz Files:=20 64b1647a9ea7ba7f400e665e957f7ad1 3421 libs optional gnutls28_3.7.9-2+deb12u7= .dsc a476ae166b36b494aa9b2118681368fd 164116 libs optional gnutls28_3.7.9-2+deb12= u7.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAmoHHBgACgkQpU8BhUOC FIR6KxAAg5G/AqwbxAHPcZX8gJfX1tL0ld1cNZXYTEguSrkqbCoGWMsa/JPRgL05 WNRBlGE5/L2XN1bbVoQBCpTS7aqk5+g1E98G4NkQjNBM7QlwHsGyAbQzTD3WDTHh 2JuUO0KescbLP6MVHkBcRwFl6IBA9lqIZOf2dsyPVqgZpc96X7yApqdKbyqq785I dAN8x+1vkL9SYTkxqf5efkOrr3VbAGdJXyhV15lQhQceGmck20ihJKdT0j77+SNl XfCjLspisewxXAQiqNvHKm9fdwFmRt2LwnH4R+wVbtaphyV6orfnxICciMAavMcv zdAGpRhhVr+n3wVxHTzhrnTis/0ieYMW2yCo45l7XdjTy1a8XbLZdJSEJVTN4sbf 4VkhJpLSp6Z1LMK/TTLrB9uvoap1PBkOWux23SSB32E8B6rSrQ60XOu3ZXTG2j/F dJDMisfUDS1ij0Ahl28AdKXbdS+2is5ZxwHO38jDDeqiwi8W4CXcVSuLz46h+cH/ Jwt/lFJu+A9yYXKAZytPwmHRe8WGQKvcNvGksqPravmpZxcsYGdPcpvgDB+ydOSK ztxTRZh5N7QezJIE8hbb0SMXU3qsjxJc4Ru75tqFBv9RgkKQUtJSI9u0IS8z8vX0 M8MUXJc3iFHi0B5h8fm6jtoCEmmleMRsma9BcNzTDBPobFp9Us8=3D =3DDu+g -----END PGP SIGNATURE----- --===============0761345805552373652== Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCahDPXwAKCRCb9qggYcy5 IZH0AP0Rn+B7wQHo9nqVCoKo8oMKm4ljgDcZOqaPmO4FgzUCBAEA7Bz6tLFSbl4p nKOOxtSBYPlokE6rh6tHYLMyBLwEmQ0= =TMxJ -----END PGP SIGNATURE----- --===============0761345805552373652==-- ]