Format: 1.8
Date: Tue, 30 Oct 2018 10:26:33 -0400
Source: gnutls28
Binary: libgnutls28-dev libgnutls-deb0-28 libgnutls28-dbg gnutls-bin gnutls-doc guile-gnutls libgnutlsxx28 libgnutls-openssl27
Architecture: source amd64 all
Version: 3.3.30-0+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>
Changed-By: Antoine Beaupré <anarcat@debian.org>
Description:
 gnutls-bin - GNU TLS library - commandline utilities
 gnutls-doc - GNU TLS library - documentation and examples
 guile-gnutls - GNU TLS library - GNU Guile bindings
 libgnutls-deb0-28 - GNU TLS library - main runtime library
 libgnutls-openssl27 - GNU TLS library - OpenSSL wrapper
 libgnutls28-dbg - GNU TLS library - debugger symbols
 libgnutls28-dev - GNU TLS library - development files
 libgnutlsxx28 - GNU TLS library - C++ runtime library
Changes:
 gnutls28 (3.3.30-0+deb8u1) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * Backport 3.3.30 from upstream to address CVE-2018-10844, CVE-2018-10845 and CVE-2018-10846.
   * Add net-tools dependency for test suite which expects the netstat command.
   * Removed patches already present upstream:
     * 35_recheck_urandom_fd.diff
     * 36_less_refresh-rnd-state.diff
     * 37_X9.63_sanity_check.diff
     * 38_testforsanitycheck.diff
     * 39_check-whether-the-two-signatur.patch
     * 40_no_more_ssl3.diff
     * 45_eliminated-double-free.diff
     * 46_Better-fix-for-the-double-free.diff
     * 47_GNUTLS-SA-2015-3.patch
     * 50_Handle-zero-length-plaintext-for-VIA-PadLock-functio.patch
     * 51_0001__gnutls_session_sign_algo_enabled-do-not-consider-an.patch
     * 51_0002_before-falling-back-to-SHA1-as-signature-algorithm-i.patch
     * 51_0003_tests-added-reproducer-for-the-MD5-acceptance-issue.patch
     * 52_CVE-2016-7444_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch
     * 53_nettle-use-rsa_-_key_prepare-on-key-import.patch
     * 55_00_pkcs12-fixed-the-calculation-of-p_size.patch
     * 55_01_gnutls_x509_ext_import_proxy-fix-issue-reading-the-p.patch
     * 55_02_auth-rsa-eliminated-memory-leak-on-pkcs-1-formatting.patch
     * 55_03_opencdk-Fixes-to-prevent-undefined-behavior-found-wi.patch
     * 55_04_Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch
     * 55_05_Attempt-to-fix-a-leak-in-OpenPGP-cert-parsing.patch
     * 55_06_Corrected-a-leak-in-OpenPGP-sub-packet-parsing.patch
     * 55_07_opencdk-read_attribute-added-more-precise-checks-whe.patch
     * 55_08_opencdk-cdk_pk_get_keyid-fix-stack-overflow.patch
     * 55_09_opencdk-added-error-checking-in-the-stream-reading-f.patch
     * 55_10_opencdk-improved-error-code-checking-in-the-stream-r.patch
     * 55_11_opencdk-read-packet.c-corrected-typo-in-type-cast.patch
     * 55_12_gnutls_pkcs11_obj_list_import_url2-Always-return-an-.patch
     * 55_13_cdk_pkt_read-enforce-packet-limits.patch
     * 55_15_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch
     * 55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch
     * 56_CVE-2017-7507_1-ext-status_request-ensure-response-IDs-are-pro.patch
     * 56_CVE-2017-7507_2-ext-status_request-Removed-the-parsing-of-resp.patch
     * 56_CVE-2017-7507_3-gnutls_ocsp_status_request_enable_client-docum.patch
     * 57_urandom-use-st_ino-and-st_rdev-to-determine-device-u.patch