Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <>
Subject: Accepted gnutls28 3.7.9-2+deb12u7 (source) into oldstable-security
Date: Tue, 19 May 2026 20:37:08 +0000
Signed by: Andreas Metzler <ametzler@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 15 May 2026 13:57:52 +0200
Source: gnutls28
Architecture: source
Version: 3.7.9-2+deb12u7
Distribution: bookworm-security
Urgency: high
Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Closes: 1135319
Changes:
 gnutls28 (3.7.9-2+deb12u7) bookworm-security; urgency=high
 .
   * Cherry-pick fixes from 3.8.13 release for oldstable.
     + This includes fixes for these issues: CVE-2026-3833 CVE-2026-5260
       CVE-2026-5419 CVE-2026-33845 CVE-2026-33846 CVE-2026-42009
       CVE-2026-42010 CVE-2026-42011 CVE-2026-42012 CVE-2026-42013
       CVE-2026-42014 CVE-2026-42015.
     + CVE-2026-3832 only applied to release 3.8.9 and later, no patch needed.
     + Patchset pulled from CentOS c8s (3.6.16), split into patchlets, unfuzzed,
       adapted for 3.7 (adds
       72_0015_gnutls-3.6.16-1810-ocsp-truncated-eku.10.patch). Also added
       those patches from CentOS c9s (3.8.10) that are relevant for 3.7.9 (but
       where not for 3.6.16).
     Closes: #1135319
Checksums-Sha1: 
 39d8882c6435eb9c804a5b924bde5830b4ea3836 3421 gnutls28_3.7.9-2+deb12u7.dsc
 ca11670f3997c32da1e6b2c3a1069a500c35f8cb 164116 gnutls28_3.7.9-2+deb12u7.debian.tar.xz
Checksums-Sha256: 
 027b2f60e38add78ee611d099dbf34e977a6600d446cc39673534b736a182cb6 3421 gnutls28_3.7.9-2+deb12u7.dsc
 bcfcf396482ce7635df255abeff1c811321a84f016c95677db28f56908b25595 164116 gnutls28_3.7.9-2+deb12u7.debian.tar.xz
Files: 
 64b1647a9ea7ba7f400e665e957f7ad1 3421 libs optional gnutls28_3.7.9-2+deb12u7.dsc
 a476ae166b36b494aa9b2118681368fd 164116 libs optional gnutls28_3.7.9-2+deb12u7.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAmoHHBgACgkQpU8BhUOC
FIR6KxAAg5G/AqwbxAHPcZX8gJfX1tL0ld1cNZXYTEguSrkqbCoGWMsa/JPRgL05
WNRBlGE5/L2XN1bbVoQBCpTS7aqk5+g1E98G4NkQjNBM7QlwHsGyAbQzTD3WDTHh
2JuUO0KescbLP6MVHkBcRwFl6IBA9lqIZOf2dsyPVqgZpc96X7yApqdKbyqq785I
dAN8x+1vkL9SYTkxqf5efkOrr3VbAGdJXyhV15lQhQceGmck20ihJKdT0j77+SNl
XfCjLspisewxXAQiqNvHKm9fdwFmRt2LwnH4R+wVbtaphyV6orfnxICciMAavMcv
zdAGpRhhVr+n3wVxHTzhrnTis/0ieYMW2yCo45l7XdjTy1a8XbLZdJSEJVTN4sbf
4VkhJpLSp6Z1LMK/TTLrB9uvoap1PBkOWux23SSB32E8B6rSrQ60XOu3ZXTG2j/F
dJDMisfUDS1ij0Ahl28AdKXbdS+2is5ZxwHO38jDDeqiwi8W4CXcVSuLz46h+cH/
Jwt/lFJu+A9yYXKAZytPwmHRe8WGQKvcNvGksqPravmpZxcsYGdPcpvgDB+ydOSK
ztxTRZh5N7QezJIE8hbb0SMXU3qsjxJc4Ru75tqFBv9RgkKQUtJSI9u0IS8z8vX0
M8MUXJc3iFHi0B5h8fm6jtoCEmmleMRsma9BcNzTDBPobFp9Us8=
=Du+g
-----END PGP SIGNATURE-----

News for package gnutls28