Bug#926412: unblock: gnutls28/3.6.7-2
Andreas Metzler
ametzler at bebt.de
Thu Apr 4 18:41:44 BST 2019
Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: unblock
Please unblock package gnutls28.
This is an upstream bugfix release featuring two security fixes:
+ Fixes a memory corruption (double free) vulnerability in the
certificate verification API.
https://gitlab.com/gnutls/gnutls/issues/694 CVE-2019-3829
GNUTLS-SA-2019-03-27
+ Fixes an invalid pointer access via malformed TLS1.3 async messages;
https://gitlab.com/gnutls/gnutls/issues/704 CVE-2019-3836
GNUTLS-SA-2019-03-27
One of these is fixed by a hardening measure (gnutls_free() will
automatically set the free'd pointer to NULL.) It also unbreaks
vlc (#922879) and has some TLS1.3 related changes.
The straight debdiff is huge, because of a) usual release updates of
autogenerated files and b) because it includes a global
's/http:/https:/'. Stripped down debdiff is attached.
unblock gnutls28/3.6.7-2
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smaller.debdiff.diff.xz
Type: application/x-xz
Size: 88712 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnutls-maint/attachments/20190404/a7b50225/attachment-0001.xz>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnutls-maint/attachments/20190404/a7b50225/attachment-0001.sig>
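Added example, not part of the original message and not GnuTLS code: a minimal C sketch of the hardening idea mentioned above, where the free wrapper also sets the pointer to NULL so that a second release on an error path becomes a no-op. The names (`tracked_alloc`, `tracked_free`, `FREE_PLAIN`, `FREE_AND_NULL`, `struct chain`, `verify`) and the "malformed input" condition are hypothetical; the tracker counts a repeated release instead of performing it, so the program stays well defined.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static uintptr_t last_released; /* address most recently handed to free() */
static int double_releases;     /* releases of an already-released address */

static void *tracked_alloc(size_t n) {
    last_released = 0;          /* the allocator may legitimately reuse it */
    return malloc(n);
}

static void tracked_free(void *p) {
    uintptr_t addr = (uintptr_t)p;
    if (addr == 0) return;                  /* same as free(NULL): no-op */
    if (addr == last_released) {            /* a real free() here would */
        double_releases++;                  /* corrupt the heap         */
        return;
    }
    last_released = addr;
    free(p);
}

#define FREE_PLAIN(p)    tracked_free(p)
#define FREE_AND_NULL(p) (tracked_free(p), (p) = NULL)

struct chain { unsigned char *buf; };  /* hypothetical verification state */

/* Returns how many double releases one call produced, or -1 on OOM. */
static int verify(const unsigned char *in, size_t len, int hardened) {
    struct chain c;
    int before = double_releases;
    c.buf = tracked_alloc(len ? len : 1);
    if (c.buf == NULL) return -1;
    memcpy(c.buf, in, len);
    if (len < 4) {                     /* constructed "malformed" case */
        if (hardened) FREE_AND_NULL(c.buf);
        else          FREE_PLAIN(c.buf);       /* c.buf now dangles */
    }
    /* Shared cleanup: runs after the error path as well. */
    if (hardened) FREE_AND_NULL(c.buf);
    else          FREE_PLAIN(c.buf);
    return double_releases - before;
}

int main(void) {
    static const unsigned char bad[2] = {0x30, 0x82};  /* constructed input */
    printf("plain: %d, hardened: %d\n", verify(bad, 2, 0), verify(bad, 2, 1));
    return 0;
}
```

Setting the pointer to NULL only protects the variable passed to the macro; other copies of the same pointer still dangle.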