gnutls28_3.8.9-3_multi.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Wed Jul 9 12:19:44 BST 2025


Thank you for your contribution to Debian.



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 09 Jul 2025 12:34:38 +0200
Source: gnutls28
Architecture: source
Version: 3.8.9-3
Distribution: unstable
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint at lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler at debian.org>
Changes:
 gnutls28 (3.8.9-3) unstable; urgency=medium
 .
   * Cherry-pick fixes from 3.8.10 release:
     + libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits
       PSK. Reported by Stefan Bühler.
       [GNUTLS-SA-2025-07-07-4, CVSS: medium] [CVE-2025-6395]
     + libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS
       timestamps. Spotted by oss-fuzz and reported by OpenAI Security
       Research Team, and fix developed by Andrew Hamilton.
       [GNUTLS-SA-2025-07-07-1, CVSS: medium] [CVE-2025-32989]
     + libgnutls: Fix double-free upon error when exporting otherName in
       SAN. Reported by OpenAI Security Research Team.
       [GNUTLS-SA-2025-07-07-2, CVSS: low] [CVE-2025-32988]
     + certtool: Fix 1-byte write buffer overrun when parsing template.
       Reported by David Aitel. [GNUTLS-SA-2025-07-07-3, CVSS: low]
       [CVE-2025-32990]
     + Fixes for memory leaks in lib/x509/x509_ext.c and lib/hello_ext.c.
     + Fix uninitialized memory read while processing the "pre_shared_key"
       extension in TLS 1.3.
     + Avoid uninitialized use of crq version.
Checksums-Sha1: 
 48568387d4248961568f337d1046c233e7501d78 3236 gnutls28_3.8.9-3.dsc
 fea6a82b2e69f3d88103aa2579a46c69e8a6a483 85848 gnutls28_3.8.9-3.debian.tar.xz
Checksums-Sha256: 
 607dbc91727ff5d8a51af66e800abab837479de4e18775fc069a7b5ffc780d3d 3236 gnutls28_3.8.9-3.dsc
 f578bd4dd0b35d56aedf002a4a7b504a965a9d1a4587d2ad3a92718a45887cbf 85848 gnutls28_3.8.9-3.debian.tar.xz
Files: 
 5bfcfebf05e1b29754eb5eed3e82f78c 3236 libs optional gnutls28_3.8.9-3.dsc
 b603b974b601a6582c922bd85d1b736f 85848 libs optional gnutls28_3.8.9-3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
