[Git][security-tracker-team/security-tracker][master] Triage CVE-2026-5419/gnutls28 for bullseye

Guilhem Moulin (@guilhem) guilhem at debian.org
Thu May 21 14:32:56 BST 2026



Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
817df6d7 by Guilhem Moulin at 2026-05-21T15:32:31+02:00
Triage CVE-2026-5419/gnutls28 for bullseye

Block cipher functions `gnutls_cipher_encrypt3()` and `gnutls_cipher_decrypt3()`
were introduced in 3.7.7 via MR!1611 to transparently handle padding, see

    https://gitlab.com/gnutls/gnutls/-/merge_requests/1611 and
    https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13946,9 +13946,11 @@ CVE-2018-25298 (Merge PACS 7.0 contains a cross-site request forgery vulnerabili
 CVE-2026-5419
 	{DSA-6281-1}
 	- gnutls28 3.8.13-1 (bug #1135319)
+	[bullseye] - gnutls28 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-13
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1815
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/1e627aa5ad95c6dc0518d94e9a009997b081a1ab (3.8.13)
+	NOTE: Introduced with: https://gitlab.com/gnutls/gnutls/-/commit/4b45ad6923a7b1d296a111153663f23c13173b94 (3.7.7)
 CVE-2026-3832 (A flaw was found in gnutls. A remote attacker could exploit this vulne ...)
 	- gnutls28 3.8.13-1 (bug #1135319)
 	[trixie] - gnutls28 3.8.9-3+deb13u4
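Review bot: On the added `[bullseye]` line, the reason "(Vulnerable code introduced later)" does not name the release that introduced the code; that version (3.7.7) appears only in the new `Introduced with:` NOTE further down. Consider putting it in the reason itself, for example `(Vulnerable code introduced later in 3.7.7)`, so the not-affected decision can be checked against the bullseye package version without following the commit link. The commit message also points to MR!1611 and names `gnutls_cipher_encrypt3()` and `gnutls_cipher_decrypt3()`, neither of which is recorded in the entry; a NOTE carrying the merge request URL would keep that reasoning in data/CVE/list.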



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/817df6d7ff85ac2180aa386e6da0ee31568c35b7


