Heads-up GNUTLS-SA-2020-07-14 [CVE-2023-0361]

Andreas Metzler ametzler at bebt.de
Fri Feb 10 14:46:40 GMT 2023


On 2023-02-10 Andreas Metzler <ametzler at bebt.de> wrote:
> Hello,

> today's releases of GnuTLS 3.7.9 and 3.8.0 fix "a Bleichenbacher oracle
> in the TLS RSA key exchange.". Details here:
> https://gitlab.com/gnutls/gnutls/-/issues/1050

> 3.7.9 is basically a single-bugfix release, since the tarball publication
> was delayed I had uploaded a patched 3.7.8-5 instead to sid.

According to upstream the problematic code is present in 3.6.5-3.6.16,
3.7.0-3.7.8, i.e. both buster and bullseye.

cu Andreas



More information about the Pkg-gnutls-maint mailing list