-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 14 May 2021 13:33:38 +0200
Source: gnutls28
Architecture: source
Version: 3.6.7-4+deb10u7
Distribution: buster
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Closes: 969547
Changes:
 gnutls28 (3.6.7-4+deb10u7) buster; urgency=medium
 .
   * 46_handshake-reject-no_renegotiation-alert-if-handshake.patch pulled from
     3.6.15: It was found by oss-fuzz that the server sending a
     "no_renegotiation" alert in an unexpected timing, followed by an invalid
     second handshake can cause a TLS 1.3 client to crash via a null-pointer
     dereference. The crash happens in the application's error handling path,
     where the gnutls_deinit function is called after detecting a handshake
     failure. GNUTLS-SA-2020-09-04 CVE-2020-24659 Closes: #969547
   * Pull multiple fixes designated for 3.6.15 bugfix release:
     + 47_rel3.6.16_01-gnutls_buffer_append_data-remove-duplicated-code.patch
     + 47_rel3.6.16_02-_gnutls_buffer_resize-add-option-to-use-allocation-s.patch
     + 47_rel3.6.16_03-key_share-avoid-use-after-free-around-realloc.patch
       (CVE-2021-20231) and
       47_rel3.6.16_04-pre_shared_key-avoid-use-after-free-around-realloc.patch
       (CVE-2021-20232), both together GNUTLS-SA-2021-03-10.
     + 47_rel3.6.16_05-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch
     + 47_rel3.6.16_06-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch
Checksums-Sha1:
 cf8b7b92308275d1d6d7b7a9c58a6039d8492e84 3354 gnutls28_3.6.7-4+deb10u7.dsc
 825902146b9c4327a6c2c463f069923ec2acf6e0 94000 gnutls28_3.6.7-4+deb10u7.debian.tar.xz
Checksums-Sha256:
 dac5aff80109fa5e05f4ab1cb5d402ee9caeefebaa12daf034bcdd7e614af6b2 3354 gnutls28_3.6.7-4+deb10u7.dsc
 4f399badd85387e1dd42c811e16d10c4c22196e57142a7325ec44c52b3c6a168 94000 gnutls28_3.6.7-4+deb10u7.debian.tar.xz
Files:
 c83e0ea3759cb3d38c35926af212a309 3354 libs optional gnutls28_3.6.7-4+deb10u7.dsc
 e485ece5bac5eca4d5d183943953e515 94000 libs optional gnutls28_3.6.7-4+deb10u7.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAmCf9EgACgkQpU8BhUOC
FIQ4Fw/6AiEQ0PgVB/gZ5FsBEhBXQMe4MWBbsFrNxeX5ZzuvslzF4wOK6GAfblOD
xph18fw9QNkRHVlpWzwoyZoDCofD22jYx1FdCZD5S30Ms9HyN63W7EsqQNRp+ZqU
kIF+C8mp0lX7lfF6nQalvJpND8NDfSKyPSHazNezSQYXlJ8mXoIqTXWJi1Y1rLcp
zpb9sDRb1GvUKOUzbaWQR/08ewU63ujK5XZpT7TGD0vLAwFxzS5SaBxC1FEA74jw
FpkuFgc0sBP2OGsobzMH/VX1vnmXuLFK4qjT4x1Ks4x8l9MzyR3rM2I/T5DwoVrE
f3oWK6JM7wOQVjqSicGkrkha1K7+VCbI+ekOdk17IonxNBLvc4zpk9Wl/YF0uov/
8Fs6EMOuGeNr6js/Lm8s4VY2BCJWbyRofSM/jt8f2Ymfh4TdZCopbvXZWhDsGnsT
xf5dlK1PeoqsDc9jn8a/qUkfFJB5r0KvkQ26ikM9s32Mr4UnlZomnmgKWCQtFA2V
5UnmKkkmtM2kGP5M37iuiR7qbLHCjui+HBD0ZJhiErFjSWDg6KqZ+9fxj/nZ0Wd6
xFRy7jBnd3iRYRkKnSz/zPq2yIUlQDJjMtxzzpe6MCkR2u3zeFjEGyM46kId899X
ER8aT0sFD0Lu3zchH1rfkC9MleiQr17adLYPgHHQMyGBQ4D6530=
=hMhI
-----END PGP SIGNATURE-----
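The Checksums-Sha1, Checksums-Sha256 and Files stanzas above are what a consumer of this upload uses to confirm that the downloaded .dsc and .debian.tar.xz are the ones the maintainer signed. The following is an added example, not part of the Debian package or of GnuTLS: it parses those three stanzas (copied verbatim from the file above), cross-checks that they agree on file names and sizes, and verifies files on disk against every listed digest. Function names (parse_changes, verify_file, verify_directory) are my own. It does not check the OpenPGP signature over the .changes file; that remains a separate step (for example gpg --verify against the Debian keyring) and must be done first, since the checksums are only trustworthy once the signature is.

```python
"""Verify the artifacts listed in a Debian .changes file against its
Checksums-Sha1, Checksums-Sha256 and Files stanzas.

Added example, not code from the Debian gnutls28 package. The stanza text
is copied from the .changes file above; function names are assumptions.
"""
import hashlib
import os
from typing import Dict

# Stanzas copied from the signed .changes file above.
CHANGES_TEXT = """\
Checksums-Sha1:
 cf8b7b92308275d1d6d7b7a9c58a6039d8492e84 3354 gnutls28_3.6.7-4+deb10u7.dsc
 825902146b9c4327a6c2c463f069923ec2acf6e0 94000 gnutls28_3.6.7-4+deb10u7.debian.tar.xz
Checksums-Sha256:
 dac5aff80109fa5e05f4ab1cb5d402ee9caeefebaa12daf034bcdd7e614af6b2 3354 gnutls28_3.6.7-4+deb10u7.dsc
 4f399badd85387e1dd42c811e16d10c4c22196e57142a7325ec44c52b3c6a168 94000 gnutls28_3.6.7-4+deb10u7.debian.tar.xz
Files:
 c83e0ea3759cb3d38c35926af212a309 3354 libs optional gnutls28_3.6.7-4+deb10u7.dsc
 e485ece5bac5eca4d5d183943953e515 94000 libs optional gnutls28_3.6.7-4+deb10u7.debian.tar.xz
"""

# Stanza name -> (hashlib algorithm, index of the filename on each line).
# "Files" lines carry section and priority before the name, hence index 4.
_STANZAS = {
    "Checksums-Sha1": ("sha1", 2),
    "Checksums-Sha256": ("sha256", 2),
    "Files": ("md5", 4),
}


def parse_changes(text: str) -> Dict[str, dict]:
    """Return {filename: {"size": int, "sha1": str, "sha256": str, "md5": str}}.

    Raises ValueError when the stanzas disagree on a file's size or list
    different files; either would indicate a corrupt or tampered file.
    """
    entries: Dict[str, dict] = {}
    seen = {name: set() for name in _STANZAS}
    current = None
    for line in text.splitlines():
        if not line.startswith(" "):            # field header such as "Files:"
            field = line.split(":", 1)[0]
            current = field if field in _STANZAS else None
            continue
        if current is None:
            continue
        algo, name_idx = _STANZAS[current]
        parts = line.split()
        digest, size, name = parts[0], int(parts[1]), parts[name_idx]
        entry = entries.setdefault(name, {"size": size})
        if entry["size"] != size:
            raise ValueError(f"size mismatch for {name} in {current}")
        entry[algo] = digest.lower()
        seen[current].add(name)
    file_sets = list(seen.values())
    if any(s != file_sets[0] for s in file_sets):
        raise ValueError("stanzas list different files")
    return entries


def verify_file(path: str, entry: dict) -> bool:
    """True iff the file at `path` exists and matches the size and every digest in `entry`."""
    if not os.path.isfile(path) or os.path.getsize(path) != entry["size"]:
        return False
    # md5 is still present in the Files stanza for historical reasons; sha256 is the
    # digest that actually carries the integrity guarantee, but we check all of them.
    hashers = {a: hashlib.new(a) for a in ("sha1", "sha256", "md5") if a in entry}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            for h in hashers.values():
                h.update(chunk)
    return all(hashers[a].hexdigest() == entry[a] for a in hashers)


def verify_directory(changes_text: str, directory: str) -> Dict[str, bool]:
    """Map every file named in the .changes stanzas to its verification result."""
    return {name: verify_file(os.path.join(directory, name), entry)
            for name, entry in parse_changes(changes_text).items()}


if __name__ == "__main__":
    import sys
    results = verify_directory(CHANGES_TEXT, sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, ok in results.items():
        print(f"{'OK ' if ok else 'BAD'} {name}")
    sys.exit(0 if all(results.values()) else 1)
```

Run it with the directory holding the downloaded gnutls28_3.6.7-4+deb10u7.dsc and gnutls28_3.6.7-4+deb10u7.debian.tar.xz as its argument; a missing file, a size mismatch or any single digest mismatch reports BAD and a non-zero exit. The size cross-check in parse_changes is deliberate: the three stanzas are independent lists, and a .changes file whose Files and Checksums-Sha256 entries disagree should be rejected outright rather than partially trusted.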