Bug#963703: stretch-pu: package gnutls28/3.5.8-5+deb9u5
Andreas Metzler
ametzler at bebt.de
Thu Jun 25 16:41:42 BST 2020
On 2020-06-25 Andreas Metzler <ametzler at bebt.de> wrote:
[...]
> * Pull fixes for CVE-2019-3836 / [GNUTLS-SA-2019-03-27, #694].
> + 40_casts_related_to_fix_CVE-2019-3829.patch
> + 40_rel3.6.7_01-Automatically-NULLify-after-gnutls_free.patch
> + 40_rel3.6.7_01-fuzz-added-fuzzer-for-certificate-verification.patch
> + 41_use_datefudge_to_trigger_CVE-2019-3829_testcase.diff
> * More important fixes:
> + 43_rel3.6.14_10-session_pack-fix-leak-in-error-path.patch
> [One-line-fix for memleak]
> + 44_rel3.6.14_10-Update-session_ticket.c-to-add-support-for-zero-leng.patch
> Handle zero length session tickets, fixing connection errors on TLS1.2
> sessions to some big hosting providers. (See LP 1876286)
> [Fixes connections to e.g. verizon popserver.]
[...]
Here is the missing debdiff.
cu Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: from_deb9u4_to_deb9u5.diff
Type: text/x-diff
Size: 26310 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnutls-maint/attachments/20200625/069a969d/attachment-0001.diff>
More information about the Pkg-gnutls-maint
mailing list