Register | Log in

gnutls28

Choose email to subscribe with

general

source: gnutls28 (main)
version: 3.6.9-5
maintainer: Debian GnuTLS Maintainers (archive) (DMD)
uploaders: Eric Dorland [DMD] – Andreas Metzler [DMD] – James Westby [DMD] – Simon Josefsson [DMD]
arch: all any
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.3.8-6+deb8u7
o-o-sec: 3.3.30-0+deb8u1
oldstable: 3.5.8-5+deb9u4
old-sec: 3.5.8-5+deb9u1
stable: 3.6.7-4
testing: 3.6.9-5
unstable: 3.6.9-5

versioned links

3.3.8-6+deb8u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.3.30-0+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.8-5+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.8-5+deb9u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.6.7-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.6.9-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gnutls-bin (10 bugs: 0, 7, 3, 0)
gnutls-doc
libgnutls-dane0
libgnutls-openssl27
libgnutls28-dev
libgnutls30
libgnutlsxx28

action needed

3 security issues in stretch high

There are 3 open security issues in stretch.

3 important issues:

CVE-2019-3836: It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
CVE-2019-3829: A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
CVE-2018-16868: A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.

Please fix them.

Created: 2018-12-03 Last update: 2019-09-16 06:41

lintian reports 5 warnings high

Lintian reports 5 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-07-20 Last update: 2019-08-11 07:36

4 bugs tagged patch in the BTS normal

The BTS contains patches fixing 4 bugs (5 if counting merged bugs), consider including or untagging them.

Created: 2019-04-01 Last update: 2019-09-19 21:34

1 ignored security issue in jessie low

There is 1 open security issue in jessie.

1 issue skipped by the security teams:

CVE-2018-16868: A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.

Please fix it.

Created: 2018-12-03 Last update: 2019-09-16 06:41

testing migrations

This package will soon be part of the auto-nettle transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[2019-09-16] gnutls28 3.6.9-5 MIGRATED to testing (Debian testing watch)
[2019-09-14] Accepted gnutls28 3.6.9-5 (source) into unstable (Andreas Metzler)
[2019-08-14] gnutls28 3.6.9-4 MIGRATED to testing (Debian testing watch)
[2019-08-08] Accepted gnutls28 3.6.9-4 (source) into unstable (Andreas Metzler)
[2019-08-03] Accepted gnutls28 3.6.9-3 (source) into unstable (Andreas Metzler)
[2019-08-02] Accepted gnutls28 3.6.9-2 (source) into unstable (Andreas Metzler)
[2019-07-27] Accepted gnutls28 3.6.9-1 (source) into experimental (Andreas Metzler)
[2019-07-15] gnutls28 3.6.8-2 MIGRATED to testing (Debian testing watch)
[2019-07-07] Accepted gnutls28 3.6.8-2 (source) into unstable (Andreas Metzler)
[2019-06-17] gnutls28 3.6.7-4 MIGRATED to testing (Debian testing watch)
[2019-06-12] Accepted gnutls28 3.6.7-4 (source) into unstable (Andreas Metzler)
[2019-06-02] gnutls28 3.6.7-3 MIGRATED to testing (Debian testing watch)
[2019-05-30] Accepted gnutls28 3.6.8-1 (source) into experimental (Andreas Metzler)
[2019-05-19] Accepted gnutls28 3.6.7-3 (source) into unstable (Andreas Metzler)
[2019-03-28] Accepted gnutls28 3.6.7-2 (source) into unstable (Andreas Metzler)
[2019-03-28] Accepted gnutls28 3.6.7-1 (source) into experimental (Andreas Metzler)
[2019-03-09] Accepted gnutls28 3.6.6-3 (source) into unstable (Andreas Metzler)
[2019-02-04] gnutls28 3.6.6-2 MIGRATED to testing (Debian testing watch)
[2019-01-26] Accepted gnutls28 3.6.6-2 (source) into unstable (Andreas Metzler)
[2019-01-25] Accepted gnutls28 3.6.6-1 (source) into experimental (Andreas Metzler)
[2019-01-06] Accepted gnutls28 3.6.5+git20190105-1 (source) into experimental (Andreas Metzler)
[2018-12-31] gnutls28 3.6.5-2 MIGRATED to testing (Debian testing watch)
[2018-12-16] Accepted gnutls28 3.6.5-2 (source) into unstable (Andreas Metzler)
[2018-12-05] Accepted gnutls28 3.6.5-1 (source) into experimental (Andreas Metzler)
[2018-10-30] Accepted gnutls28 3.3.30-0+deb8u1 (source amd64 all) into oldstable (Antoine Beaupré)
[2018-10-27] Accepted gnutls28 3.5.8-5+deb9u4 (source) into proposed-updates->stable-new, proposed-updates (Andreas Metzler)
[2018-09-29] Accepted gnutls28 3.6.4-2 (source) into experimental (Andreas Metzler)
[2018-09-27] Accepted gnutls28 3.6.4-1 (source) into experimental (Andreas Metzler)
[2018-08-18] Accepted gnutls28 3.6.3+git20180815-2 (source) into experimental (Andreas Metzler)
[2018-08-15] Accepted gnutls28 3.6.3+git20180815-1 (source) into experimental (Andreas Metzler)

1
2

bugs [bug history graph]

all: 17 18
RC: 0
I&N: 12 13
M&W: 5
F&P: 0
patch: 4 5

links

homepage
lintian (0, 5)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.6.9-4build1
16 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing