gnutls28_3.3.8-6+deb8u5_multi.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Fri Apr 28 21:32:10 UTC 2017
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 27 Apr 2017 18:10:51 +0200
Source: gnutls28
Binary: libgnutls28-dev libgnutls-deb0-28 libgnutls28-dbg gnutls-bin gnutls-doc guile-gnutls libgnutlsxx28 libgnutls-openssl27
Architecture: all source
Version: 3.3.8-6+deb8u5
Distribution: jessie
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint at lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler at debian.org>
Description:
gnutls-bin - GNU TLS library - commandline utilities
gnutls-doc - GNU TLS library - documentation and examples
guile-gnutls - GNU TLS library - GNU Guile bindings
libgnutls28-dbg - GNU TLS library - debugger symbols
libgnutls28-dev - GNU TLS library - development files
libgnutls-deb0-28 - GNU TLS library - main runtime library
libgnutls-openssl27 - GNU TLS library - OpenSSL wrapper
libgnutlsxx28 - GNU TLS library - C++ runtime library
Changes:
gnutls28 (3.3.8-6+deb8u5) jessie; urgency=medium
.
* Pull multiple fixes from gnutls_3_3_x branch:
+ 55_00_pkcs12-fixed-the-calculation-of-p_size.patch
Fixed issue in PKCS#12 password encoding, which truncated
passwords over 32-characters. Reported by Mario Klebsch.
+ 55_01_gnutls_x509_ext_import_proxy-fix-issue-reading-the-p.patch
Fix double free in certificate information printing. If the PKIX
extension proxy was set with a policy language set but no policy
specified, that could lead to a double free. [GNUTLS-SA-2017-1]
CVE-2017-5334
+ 55_02_auth-rsa-eliminated-memory-leak-on-pkcs-1-formatting.patch
Addressed memory leak in server side error path (issue found using
oss-fuzz project)
+ 55_03_opencdk-Fixes-to-prevent-undefined-behavior-found-wi.patch
55_04_Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch
55_05_Attempt-to-fix-a-leak-in-OpenPGP-cert-parsing.patch
55_06_Corrected-a-leak-in-OpenPGP-sub-packet-parsing.patch
55_07_opencdk-read_attribute-added-more-precise-checks-whe.patch
55_08_opencdk-cdk_pk_get_keyid-fix-stack-overflow.patch
55_09_opencdk-added-error-checking-in-the-stream-reading-f.patch
55_10_opencdk-improved-error-code-checking-in-the-stream-r.patch
55_11_opencdk-read-packet.c-corrected-typo-in-type-cast.patch
Addressed memory leaks and an infinite loop in OpenPGP certificate
parsing. Fixes by Alex Gaynor. (issues found using oss-fuzz project)
Addressed invalid memory accesses in OpenPGP certificate parsing.
(issues found using oss-fuzz project) [GNUTLS-SA-2017-2]
CVE-2017-5335 / CVE-2017-5336 / CVE-2017-5337
+ 55_12_gnutls_pkcs11_obj_list_import_url2-Always-return-an-.patch
When returning success but no elements,
gnutls_pkcs11_obj_list_import_url4 could have returned zero
elements with a pointer that was uninitialized. Ensure that an
initialized (i.e., null in that case) pointer is always returned.
+ 55_13_cdk_pkt_read-enforce-packet-limits.patch Addressed integer
overflow resulting in invalid memory write in OpenPGP certificate
parsing. Issue found using oss-fuzz project:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
[GNUTLS-SA-2017-3A] CVE-2017-7869
+ 55_14_opencdk-read_attribute-account-buffer-size.patch Addressed read
of 1 byte past the end of buffer in OpenPGP certificate parsing. Issue
found using oss-fuzz project:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
(This patch is from gnutls_3_5_x branch.)
+ 55_15_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch
Addressed crashes in OpenPGP certificate parsing, related to private key
parser. No longer allow OpenPGP certificates (public keys) to contain
private key sub-packets. Issue found using oss-fuzz project:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
[GNUTLS-SA-2017-3B]
+ 55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch
Addressed large allocation in OpenPGP certificate parsing that could
lead to an out-of-memory condition. Issue found using oss-fuzz project, and
was fixed by Alex Gaynor:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
[GNUTLS-SA-2017-3C]
Checksums-Sha1:
4e8d1672d1a0b41d352bd5c91adb4e7dff63f192 2958 gnutls28_3.3.8-6+deb8u5.dsc
ce6241850b3f6520b32ad15d4b398e4769fd2a95 104392 gnutls28_3.3.8-6+deb8u5.debian.tar.xz
de484ee2bc2a1f11f523aa7cbd23700da6a57b12 3628304 gnutls-doc_3.3.8-6+deb8u5_all.deb
Checksums-Sha256:
1143c5b76a6899ab266e1e33840d87026108c4623a2ae4c44d1f00a9643ef54d 2958 gnutls28_3.3.8-6+deb8u5.dsc
fa47161ac81d77daaa7269e22f0edc037c356dc4386ba785ab201b681c1a9328 104392 gnutls28_3.3.8-6+deb8u5.debian.tar.xz
f2ad5361e395e31832fae73a1d2e63d18b59d9847aae3fd894946c83e926275d 3628304 gnutls-doc_3.3.8-6+deb8u5_all.deb
Files:
f9a9a26fd919f01efbc1b32d59420447 2958 libs optional gnutls28_3.3.8-6+deb8u5.dsc
c79e1d2e63dd704dce6e0ef783f403fc 104392 libs optional gnutls28_3.3.8-6+deb8u5.debian.tar.xz
59b740c649371a4ff67695a7ff26f618 3628304 doc optional gnutls-doc_3.3.8-6+deb8u5_all.deb
-----BEGIN PGP SIGNATURE-----
=vy3M
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.