-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 24 Feb 2026 13:03:11 +0100 Source: gnutls28 Architecture: source Version: 3.7.1-5+deb11u9 Distribution: bullseye-security Urgency: high Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org> Changed-By: Guilhem Moulin <guilhem@debian.org> Closes: 1121146 Changes: gnutls28 (3.7.1-5+deb11u9) bullseye-security; urgency=high . * Non-maintainer upload by the LTS Team. * Fix CVE-2025-9820: When a PKCS#11 token is initialized with gnutls_pkcs11_token_init function and it is passed a token label longer than 32 characters, it may write past the boundary of stack allocated memory. (Closes: #1121146) * Fix CVE-2025-14831: Verifying certificates with pathological amounts of name constraints could lead to a denial of service attack via resource exhaustion. Checksums-Sha1: 5bd10f6299ddf662d25335905aae930031037d0f 3541 gnutls28_3.7.1-5+deb11u9.dsc 5de5d25534ee5910ea9ee6aaeeb6af1af4350c1e 6038388 gnutls28_3.7.1.orig.tar.xz 8c2c3aabe289987bbe51ddc1ad4a42558683ca66 854 gnutls28_3.7.1.orig.tar.xz.asc 6e5ff71e1831f65c4eecffaf35bc4faeefdbd1b4 132768 gnutls28_3.7.1-5+deb11u9.debian.tar.xz 05acc3ef64d900e8bfd4a4bf371f5a7a9dd75ef9 6054 gnutls28_3.7.1-5+deb11u9_source.buildinfo Checksums-Sha256: 43651971eb727d20ef648dc033e20fcb620c276687a6b8afa9832be165f38b33 3541 gnutls28_3.7.1-5+deb11u9.dsc 3777d7963eca5e06eb315686163b7b3f5045e2baac5e54e038ace9835e5cac6f 6038388 gnutls28_3.7.1.orig.tar.xz 13a683b12602c169a7ad7827ab0e3f35c8fa1f98675d0073cf7d54a8cd635582 854 gnutls28_3.7.1.orig.tar.xz.asc fb421a35577a7d9885de48f100f25d13eee9d18185c4a211141f1b167d67fcab 132768 gnutls28_3.7.1-5+deb11u9.debian.tar.xz d840929d528ff09d33719c9370fdc5d61a049bb4ada6f52e9e427179cabf987e 6054 gnutls28_3.7.1-5+deb11u9_source.buildinfo Files: 111f859c455a8c6409b5ac95f607cdef 3541 libs optional gnutls28_3.7.1-5+deb11u9.dsc 278e1f50d79cd13727733adbf01fde8f 6038388 libs optional gnutls28_3.7.1.orig.tar.xz 590c9d64f7d8ee77671cdb9547f5edaf 854 libs optional gnutls28_3.7.1.orig.tar.xz.asc 820b94d8a30b5481668d839e9c697fa3 132768 libs optional gnutls28_3.7.1-5+deb11u9.debian.tar.xz 8f4154db8aa95f042674a30217d44bbc 6054 libs optional gnutls28_3.7.1-5+deb11u9_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmmeqU0ACgkQ05pJnDwh pVKf6Q//auRAnADVumzv4HTitDcGkIgm+RglFa4mZ0ppPF7Lzl93wV6V/ZdAL4LI HmxNZu0XqMsrFyMoNMZ2b7fihLG04JAOcYU9c8h1U38DB/1ASWGxzqma3fiKa2/D /Ahs/Lbr5VdKQCxHBD8bDphAcsdYM7WaavEAsEPkKpvEmPckx+kPR1R4baH/Zts3 dDrKNMuZruhkiXS0Z3++1xl4HsX/aZh/HC1WFaaFvA4rtfjhj2LuwrWHQnmB8E04 kd5xKB+Li+a7KZotrdhUuWy6ps/k3PhFTRC4npNPmdilsKg8pOyeVCBHuATWKG83 WOjHwdTsqaSVNCfOwUP53RjlLAZ1mva2TWzSyqsRoA2VTu8NHbltE6SRkMoQMxpd zAaFseXnn+2BK/owAW8c667ElYqgZRvXc7YE9OoxLJH97tUq+UWR/qEOA3zBbG3P swQjUgnPnSdYUrLKLI9PydDg2tzJOgPaUN5iGEtn3wcF5lsuv8/uGCmPQ88gXBRz Ys03LJq+unTIWgp1WgpMffejfFQ9vO1tJ2wMty183ePWrAWggQhoMJ+ehjcnxTow sUthDEMla50TsbmMqA7DJPHQH4kwLv2tQKanGQwltXeW1t6PbwiiuF30nJU+irO8 x5MO8D6hsj0Lwe7rQ3n+bIfDIBZj/Cyfz+7H2gs2mqkAJKNESM8= =eAE4 -----END PGP SIGNATURE-----
