Debian Package Tracker
Register | Log in
Subscribe

gnutls28

Choose email to subscribe with

general
  • source: gnutls28 (main)
  • version: 3.6.10-5
  • maintainer: Debian GnuTLS Maintainers (archive) (DMD)
  • uploaders: Eric Dorland [DMD] – Andreas Metzler [DMD] – Simon Josefsson [DMD] – James Westby [DMD]
  • arch: all any
  • std-ver: 4.4.1
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 3.3.8-6+deb8u7
  • o-o-sec: 3.3.30-0+deb8u1
  • oldstable: 3.5.8-5+deb9u4
  • old-sec: 3.5.8-5+deb9u1
  • stable: 3.6.7-4
  • testing: 3.6.10-5
  • unstable: 3.6.10-5
versioned links
  • 3.3.8-6+deb8u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.3.30-0+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.5.8-5+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.5.8-5+deb9u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.6.7-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.6.10-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • gnutls-bin (10 bugs: 0, 7, 3, 0)
  • gnutls-doc
  • guile-gnutls
  • libgnutls-dane0
  • libgnutls-openssl27
  • libgnutls28-dev
  • libgnutls30 (1 bugs: 0, 1, 0, 0)
  • libgnutlsxx28
action needed
A new upstream version is available: 3.6.11.1 high
A new upstream version 3.6.11.1 is available, you should consider packaging it.
Created: 2019-12-02 Last update: 2019-12-06 22:32
3 security issues in stretch high
There are 3 open security issues in stretch.
3 important issues:
  • CVE-2019-3836: It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
  • CVE-2019-3829: A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
  • CVE-2018-16868: A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
Please fix them.
Created: 2018-12-03 Last update: 2019-11-19 05:51
3 bugs tagged patch in the BTS normal
The BTS contains patches fixing 3 bugs, consider including or untagging them.
Created: 2019-04-01 Last update: 2019-12-06 23:01
Fails to build during reproducibility testing normal
A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!
Created: 2019-11-02 Last update: 2019-12-06 18:47
1 ignored security issue in jessie low
There is 1 open security issue in jessie.
1 issue skipped by the security teams:
  • CVE-2018-16868: A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
Please fix it.
Created: 2018-12-03 Last update: 2019-11-19 05:51
news
[rss feed]
  • [2019-11-19] gnutls28 3.6.10-5 MIGRATED to testing (Debian testing watch)
  • [2019-11-16] Accepted gnutls28 3.6.10-5 (source) into unstable (Andreas Metzler)
  • [2019-11-04] gnutls28 3.6.10-4 MIGRATED to testing (Debian testing watch)
  • [2019-11-02] Accepted gnutls28 3.6.10-4 (source) into unstable (Andreas Metzler)
  • [2019-11-02] gnutls28 3.6.10-3 MIGRATED to testing (Debian testing watch)
  • [2019-10-30] Accepted gnutls28 3.6.10-3 (source) into unstable (Andreas Metzler)
  • [2019-10-12] Accepted gnutls28 3.6.10-2 (source amd64 all) into experimental, experimental (Andreas Metzler)
  • [2019-10-12] Accepted gnutls28 3.6.10-1 (source amd64 all) into experimental, experimental (Andreas Metzler)
  • [2019-10-12] Accepted gnutls28 3.6.9-7 (source amd64 all) into experimental, experimental (Andreas Metzler)
  • [2019-09-21] Accepted gnutls28 3.6.9-6 (source) into experimental (Andreas Metzler)
  • [2019-09-16] gnutls28 3.6.9-5 MIGRATED to testing (Debian testing watch)
  • [2019-09-14] Accepted gnutls28 3.6.9-5 (source) into unstable (Andreas Metzler)
  • [2019-08-14] gnutls28 3.6.9-4 MIGRATED to testing (Debian testing watch)
  • [2019-08-08] Accepted gnutls28 3.6.9-4 (source) into unstable (Andreas Metzler)
  • [2019-08-03] Accepted gnutls28 3.6.9-3 (source) into unstable (Andreas Metzler)
  • [2019-08-02] Accepted gnutls28 3.6.9-2 (source) into unstable (Andreas Metzler)
  • [2019-07-27] Accepted gnutls28 3.6.9-1 (source) into experimental (Andreas Metzler)
  • [2019-07-15] gnutls28 3.6.8-2 MIGRATED to testing (Debian testing watch)
  • [2019-07-07] Accepted gnutls28 3.6.8-2 (source) into unstable (Andreas Metzler)
  • [2019-06-17] gnutls28 3.6.7-4 MIGRATED to testing (Debian testing watch)
  • [2019-06-12] Accepted gnutls28 3.6.7-4 (source) into unstable (Andreas Metzler)
  • [2019-06-02] gnutls28 3.6.7-3 MIGRATED to testing (Debian testing watch)
  • [2019-05-30] Accepted gnutls28 3.6.8-1 (source) into experimental (Andreas Metzler)
  • [2019-05-19] Accepted gnutls28 3.6.7-3 (source) into unstable (Andreas Metzler)
  • [2019-03-28] Accepted gnutls28 3.6.7-2 (source) into unstable (Andreas Metzler)
  • [2019-03-28] Accepted gnutls28 3.6.7-1 (source) into experimental (Andreas Metzler)
  • [2019-03-09] Accepted gnutls28 3.6.6-3 (source) into unstable (Andreas Metzler)
  • [2019-02-04] gnutls28 3.6.6-2 MIGRATED to testing (Debian testing watch)
  • [2019-01-26] Accepted gnutls28 3.6.6-2 (source) into unstable (Andreas Metzler)
  • [2019-01-25] Accepted gnutls28 3.6.6-1 (source) into experimental (Andreas Metzler)
  • 1
  • 2
bugs [bug history graph]
  • all: 17
  • RC: 0
  • I&N: 12
  • M&W: 5
  • F&P: 0
  • patch: 3
links
  • homepage
  • buildd: logs, clang, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • security tracker
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 3.6.10-5
  • 17 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing