There are 3 open security issues in buster.
3 issues left for the package maintainer to handle:
- CVE-2020-24659:
(needs triaging)
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.
- CVE-2021-20231:
(needs triaging)
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
- CVE-2021-20232:
(needs triaging)
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
You can find information about how to handle these issues in the security team's documentation.