-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 15 Jun 2024 13:22:35 +0200
Source: gnutls28
Architecture: source
Version: 3.7.9-2+deb12u3
Distribution: bookworm
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Closes: 1067463 1067464
Changes:
 gnutls28 (3.7.9-2+deb12u3) bookworm; urgency=medium
 .
   * Update to 3.7.11:
     + Replace
       60-auth-rsa_psk-side-step-potential-side-channel.patch
       61-x509-detect-loop-in-certificate-chain.patch
       62-rsa-psk-minimize-branching-after-decryption.patch
       with versions from gnutls_3_7_x branch instead of manual backports
       from 3.8.x.
     + Add 53-fips-fix-checking-on-hash-algorithm-used-in-ECDSA.patch (Fix
       checking on hash algorithm used in ECDSA in FIPS mode) and
       54-fips-mark-composite-signature-API-not-approved.patch (Mark
       composite signature API non-approved in FIPS mode.) to allow straight
       cherry-picking of later patches.
     + 63_01-gnutls_x509_trust_list_verify_crt2-remove-length-lim.patch
       libgnutls: Fixed a bug where certtool crashed when verifying a
       certificate chain with more than 16 certificates. Reported by William
       Woodruff (#1525) and yixiangzhike (#1527).
       [GNUTLS-SA-2024-01-23, CVSS: medium] [CVE-2024-28835]
       Closes: #1067463
     + 63_02-nettle-avoid-normalization-of-mpz_t-in-deterministic.patch
       libgnutls: Fix side-channel in the deterministic ECDSA.
       Reported by George Pantelakis (#1516).
       [GNUTLS-SA-2023-12-04, CVSS: medium] [CVE-2024-28834]
       Closes: #1067464
     + 63_03-serv-fix-memleak-when-a-connected-client-disappears.patch
       Fix a memleak in gnutls-serv when a connected client disappears.
     + 63_04-lib-fix-a-segfault-in-_gnutls13_recv_end_of_early_da.patch
       Fix a segfault in _gnutls13_recv_end_of_early_data().
     + 63_05-lib-fix-a-potential-segfault-in-_gnutls13_recv_finis.patch
       Fix a potential segfault in _gnutls13_recv_finished().