• Accepted gnutls28 3.8.9-3 (source) into unstable

    From Debian FTP Masters@21:1/5 to All on Wed Jul 9 13:20:01 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Wed, 09 Jul 2025 12:34:38 +0200
    Source: gnutls28
    Architecture: source
    Version: 3.8.9-3
    Distribution: unstable
    Urgency: medium
    Maintainer: Debian GnuTLS Maintainers <[email protected]>
    Changed-By: Andreas Metzler <[email protected]>
    Changes:
    gnutls28 (3.8.9-3) unstable; urgency=medium
    .
      * Cherry-pick fixes from 3.8.10 release:
        + libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits
          PSK
          Reported by Stefan Bühler.
          [GNUTLS-SA-2025-07-07-4, CVSS: medium] [CVE-2025-6395]
        + libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS
          timestamps
          Spotted by oss-fuzz and reported by OpenAI Security
          Research Team, and fix developed by Andrew Hamilton.
          [GNUTLS-SA-2025-07-07-1, CVSS: medium] [CVE-2025-32989]
        + libgnutls: Fix double-free upon error when exporting otherName in
          SAN
          Reported by OpenAI Security Research Team.
          [GNUTLS-SA-2025-07-07-2, CVSS: low] [CVE-2025-32988]
        + certtool: Fix 1-byte write buffer overrun when parsing template
          Reported by David Aitel. [GNUTLS-SA-2025-07-07-3, CVSS: low]
          [CVE-2025-32990]
        + Fixes for memory leaks in lib/x509/x509_ext.c and lib/hello_ext.c.
        + Fix uninitialized memory read while processing the "pre_shared_key"
          extension in TLS 1.3.
        + Avoid uninitialized use of crq version.
    Checksums-Sha1:
    48568387d4248961568f337d1046c233e7501d78 3236 gnutls28_3.8.9-3.dsc
    fea6a82b2e69f3d88103aa2579a46c69e8a6a483 85848 gnutls28_3.8.9-3.debian.tar.xz
    Checksums-Sha256:
    607dbc91727ff5d8a51af66e800abab837479de4e18775fc069a7b5ffc780d3d 3236 gnutls28_3.8.9-3.dsc
    f578bd4dd0b35d56aedf002a4a7b504a965a9d1a4587d2ad3a92718a45887cbf 85848 gnutls28_3.8.9-3.debian.tar.xz
    Files:
    5bfcfebf05e1b29754eb5eed3e82f78c 3236 libs optional gnutls28_3.8.9-3.dsc
    b603b974b601a6582c922bd85d1b736f 85848 libs optional gnutls28_3.8.9-3.debian.tar.xz

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAmhuTD8ACgkQpU8BhUOC FIQjuxAAhy2IAkr4z5myKWbC8LtkpxhiJGULtThBvQbWQifZg7h0z5PcqFEZn2KZ kC+qpGX2bLyVaZkzIuANjMwFvfiLcpCVdgErk3gfCF4x7SxUt6vC00dkNbbsR0F4 XVaFEkYvT114emrH49aQabHKJY8jysJ/M6crZ5hlYOmJRcQ/MIMgN8ciCEVbZ8nw 6k3B8pFL0K5Tty9nheDGjsGmrL81ASlrfrsiNe1UIqdMpflT/IhpKbQ8d28jsP26 MZaYGIwce3W0Y+dSHxpbL/T/tuoy/2c/ORHwvt0jF+Es6xv1YsinnulHPo3S+Sbu gYTZhnaTnUzBoxmxlUkD6BeFU54ICyomhnbiG+2dW+qIFlhQvz1AhLfwgF0iNPLu AMny3j1AoGP0c1iEqcUDEORz5f9hw0z9eEtALWgevmL89BigeTXPSPi1zOpgtebS 6YFOX8e4uxq+m37ZZp8T1aD85wV8+ieuM1n/NuCzB3nl68Rgdt6Cu0rz42i7rIXH 1IP+MjaygQQN+rkwq74xNyDyTmcIjEGVKVtdxqEhuxkDhp8kQe41EMf2ppNg1sjg FxtO16NY4H6qjfufBLlXelTiZQmMu/7yIsIfvKPUwAq9nn0i/hB/OTXCNMTTfj3H OwnH3ygLcScMggayJMxGV01OvCNK5ZDaHNPiAy0sVcsv+lnxXLE=
    =Tn0S
    -----END PGP SIGNATURE-----


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)