Diffstat (limited to 'debian/changelog')
-rw-r--r-- debian/changelog 30
1 files changed, 30 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 34bc950..8c432bb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,33 @@
+gnutls28 (3.7.9-2+deb12u3) bookworm; urgency=medium
+
+ * Update to 3.7.11:
+ + Replace 60-auth-rsa_psk-side-step-potential-side-channel.patch
+ 61-x509-detect-loop-in-certificate-chain.patch
+ 62-rsa-psk-minimize-branching-after-decryption.patch with versions from
+ gnutls_3_7_x branch instead of manual backports from 3.8.x.
+ + Add 53-fips-fix-checking-on-hash-algorithm-used-in-ECDSA.patch (Fix
+ checking on hash algorithm used in ECDSA in FIPS mode) and
+ 54-fips-mark-composite-signature-API-not-approved.patch (Mark composite
+ signature API non-approved in FIPS mode.) to allow
+ straight cherry-picking of later patches.
+ + 63_01-gnutls_x509_trust_list_verify_crt2-remove-length-lim.patch
+ libgnutls: Fixed a bug where certtool crashed when verifying a
+ certificate chain with more than 16 certificates. Reported by William
+ Woodruff (#1525) and yixiangzhike (#1527). [GNUTLS-SA-2024-01-23, CVSS:
+ medium] [CVE-2024-28835] Closes: #1067463
+ + 63_02-nettle-avoid-normalization-of-mpz_t-in-deterministic.patch
+ libgnutls: Fix side-channel in the deterministic ECDSA.
+ Reported by George Pantelakis (#1516). [GNUTLS-SA-2023-12-04, CVSS:
+ medium] [CVE-2024-28834] Closes: #1067464
+ + 63_03-serv-fix-memleak-when-a-connected-client-disappears.patch
+ Fix a memleak in gnutls-serv when a connected client disappears.
+ + 63_04-lib-fix-a-segfault-in-_gnutls13_recv_end_of_early_da.patch
+ Fix a segfault in _gnutls13_recv_end_of_early_data().
+ + 63_05-lib-fix-a-potential-segfault-in-_gnutls13_recv_finis.patch
+ Fix a potential segfault in _gnutls13_recv_finished().
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 15 Jun 2024 13:22:35 +0200
+
gnutls28 (3.7.9-2+deb12u2) bookworm; urgency=medium
* Cherrypick two CVE fixes from 3.8.3:
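Review bot: The top-level item "Update to 3.7.11:" in the new 3.7.9-2+deb12u3 entry reads as a new upstream release, but the version string stays at 3.7.9 and every sub-item is a patch file, so wording such as "Sync patches with upstream 3.7.11" would describe the change more accurately. In the 63_01 and 63_02 items, "#1525", "#1527" and "#1516" sit next to "Closes: #1067463" and "Closes: #1067464" without saying which tracker they belong to; marking them as upstream issue numbers would avoid confusion with Debian bugs. The 63_04 and 63_05 segfault fixes in _gnutls13_recv_end_of_early_data() and _gnutls13_recv_finished() carry no issue or advisory reference, so a short note on whether a peer can trigger them would help anyone triaging this stable update.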