gnutls28 (3.7.3-4ubuntu1.6) jammy-security; urgency=medium
* SECURITY UPDATE: resource consumption issue when decoding DER-encoded
certificate data
- debian/patches/CVE-2024-12243.patch: optimize name constraints
processing in lib/datum.c, lib/x509/name_constraints.c,
lib/x509/x509_ext.c, lib/x509/x509_ext_int.h, lib/x509/x509_int.h.
- CVE-2024-12243
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 12 Feb 2025 10:33:01 -0500
gnutls28 (3.7.3-4ubuntu1.5) jammy-security; urgency=medium
* SECURITY UPDATE: side-channel leak via Minerva attack
- debian/patches/CVE-2024-28834.patch: avoid normalization of mpz_t in
deterministic ECDSA in lib/nettle/int/dsa-compute-k.c,
lib/nettle/int/dsa-compute-k.h, lib/nettle/int/ecdsa-compute-k.c,
lib/nettle/int/ecdsa-compute-k.h, lib/nettle/pk.c,
tests/sign-verify-deterministic.c.
- CVE-2024-28834
* SECURITY UPDATE: crash via specially-crafted cert bundle
- debian/patches/CVE-2024-28835.patch: remove length limit of input in
lib/gnutls_int.h, lib/x509/common.c, lib/x509/verify-high.c,
tests/test-chains.h.
- CVE-2024-28835
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 12 Apr 2024 09:51:00 -0400
gnutls28 (3.7.3-4ubuntu1.4) jammy-security; urgency=medium
* SECURITY UPDATE: timing side-channel attack in the RSA-PSK key exchange
- debian/patches/CVE-2024-0553.patch: minimize branching after
decryption in lib/auth/rsa_psk.c.
- CVE-2024-0553
* SECURITY UPDATE: DoS via certificate chain with distributed trust
- debian/patches/CVE-2024-0567.patch: detect loop in certificate chain
in lib/x509/common.c, tests/test-chains.h.
- CVE-2024-0567
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 Jan 2024 12:22:01 -0500
gnutls28 (3.7.3-4ubuntu1.3) jammy-security; urgency=medium
* SECURITY UPDATE: timing side-channel inside RSA-PSK key exchange
- debian/patches/CVE-2023-5981.patch: side-step potential side-channel
in lib/auth/rsa.c, lib/auth/rsa_psk.c, lib/gnutls_int.h,
lib/priority.c.
- CVE-2023-5981
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 17 Nov 2023 09:19:42 -0500
gnutls28 (3.7.3-4ubuntu1.2) jammy-security; urgency=medium
* SECURITY UPDATE: timing sidechannel in RSA decryption
- debian/patches/CVE-2023-0361-1.patch: side-step potential
side-channel in lib/auth/rsa.c.
- debian/patches/CVE-2023-0361-2.patch: remove dead code in
lib/auth/rsa.c.
- CVE-2023-0361
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 14 Feb 2023 16:13:17 -0500
gnutls28 (3.7.3-4ubuntu1.1) jammy-security; urgency=medium
* SECURITY UPDATE: Double free in verification of pkcs7 signatures
- debian/patches/CVE-2022-2509.patch: fix double free during
gnutls_pkcs7_verify in lib/x509/pkcs7.c,
tests/pkcs7-verify-double-free.c, tests/Makefile.am.
- CVE-2022-2509
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 02 Aug 2022 08:48:56 -0400
gnutls28 (3.7.3-4ubuntu1) jammy; urgency=low
* Merge from Debian unstable. Remaining changes:
- Enable CET.
- Set default priority string to only allow TLS1.2, DTLS1.2, and
TLS1.3 with medium security profile (2048 RSA keys minimum, and
similar).
- Reduce parallelism in build to 2 to address FTBFS with lto
-- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 24 Jan 2022 09:23:08 +0100
gnutls28 (3.7.3-4) unstable; urgency=low
[ Helmut Grohne ]
* Fix FTCBFS: Annotate python3 dependency with :any. (Closes: #1004183)
[ Andreas Metzler ]
* CI: Sort test list.
* CI: Skip another test wrapping a binary test.
* CI: Fix missed &> redirection.
-- Andreas Metzler <ametzler@debian.org> Sun, 23 Jan 2022 08:14:48 +0100
gnutls28 (3.7.3-3) unstable; urgency=low
* Fix CI errors:
+ Set PKCS12_ITER_COUNT=600000, avoid more tests requiring a special test
binary.
+ 40_bashism_in_test.diff: Avoid &> redirection.
-- Andreas Metzler <ametzler@debian.org> Sat, 22 Jan 2022 07:45:00 +0100
gnutls28 (3.7.3-2) unstable; urgency=low
* B-d on python3 instead of python3-minimal, the json module is not part of
-minimal.
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Thu, 20 Jan 2022 18:40:59 +0100
# For older changelog entries, run 'apt-get changelog libgnutls30'
Generated by dwww version 1.14 on Mon Apr 14 17:36:05 CEST 2025.