Bug#1109134: unblock: gnutls28/3.8.9-3

Andreas Metzler ametzler at bebt.de
Sat Jul 12 09:56:13 BST 2025


Package: release.debian.org
Severity: normal
X-Debbugs-Cc: gnutls28 at packages.debian.org
Control: affects -1 + src:gnutls28
User: release.debian.org at packages.debian.org
Usertags: unblock

Please unblock package gnutls28

The new version of gnutls cherry-picks a couple of security fixes and
memory errors from upstream's 3.8.10 release:

+ libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits
  PSK. Reported by Stefan Bühler.
  [GNUTLS-SA-2025-07-07-4, CVSS: medium] [CVE-2025-6395]
+ libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS
  timestamps. Spotted by oss-fuzz and reported by OpenAI Security
  Research Team, and fix developed by Andrew Hamilton.
  [GNUTLS-SA-2025-07-07-1, CVSS: medium] [CVE-2025-32989]
+ libgnutls: Fix double-free upon error when exporting otherName in
  SAN. Reported by OpenAI Security Research Team.
  [GNUTLS-SA-2025-07-07-2, CVSS: low] [CVE-2025-32988]
+ certtool: Fix 1-byte write buffer overrun when parsing template.
  Reported by David Aitel. [GNUTLS-SA-2025-07-07-3, CVSS: low]
  [CVE-2025-32990]
+ Fixes for memory leaks in lib/x509/x509_ext.c and lib/hello_ext.c.
+ Fix uninitialized memory read while processing the "pre_shared_key"
  extension in TLS 1.3.
+ Avoid uninitialized use of crq version.

Please unblock and bump urgency. Thanks!

unblock gnutls28/3.8.9-3

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: from3.8.9-2.deb.diff
Type: text/x-diff
Size: 116399 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnutls-maint/attachments/20250712/429a24c8/attachment-0001.diff>