Bug#988508: buster-pu: package gnutls28/3.6.7-4+deb10u7

Andreas Metzler ametzler at bebt.de
Fri May 14 13:08:51 BST 2021 

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org at packages.debian.org
Usertags: pu
X-Debbugs-Cc: gnutls28 at packages.debian.org

Hello,

I would like to fix three minor security issues (non-DSA) in stable.
* 46_handshake-reject-no_renegotiation-alert-if-handshake.patch pulled from
  3.6.15: It was found by oss-fuzz that the server sending a
  "no_renegotiation" alert in an unexpected timing, followed by an invalid
  second handshake can cause a TLS 1.3 client to crash via a null-pointer
  dereference. The crash happens in the application's error handling path,
  where the gnutls_deinit function is called after detecting a handshake
  failure.
  GNUTLS-SA-2020-09-04 CVE-2020-24659 Closes: #969547
* Pull multiple fixes designated for 3.6.15 bugfix release:
  + 47_rel3.6.16_01-gnutls_buffer_append_data-remove-duplicated-code.patch
  + 47_rel3.6.16_02-_gnutls_buffer_resize-add-option-to-use-allocation-s.patch
  + 47_rel3.6.16_03-key_share-avoid-use-after-free-around-realloc.patch
    (CVE-2021-20231) and
    47_rel3.6.16_04-pre_shared_key-avoid-use-after-free-around-realloc.patch
    (CVE-2021-20232), both together GNUTLS-SA-2021-03-10.
  + 47_rel3.6.16_05-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch
  + 47_rel3.6.16_06-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch

For the latter two I have chose to pick the whole patchset from
upstream's 3.6 branch instead of going for minimal patchset to
minimize potential for error.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: u6_to_u7.diff
Type: text/x-diff
Size: 25178 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnutls-maint/attachments/20210514/1bbc8a4e/attachment-0001.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnutls-maint/attachments/20210514/1bbc8a4e/attachment-0001.sig>

More information about the Pkg-gnutls-maint mailing list