Univention Bugzilla – Bug 55095
gnutls28: Multiple issues (5.0)
Last modified: 2022-08-17 17:32:06 CEST
New Debian gnutls28 3.6.7-4+deb10u9 fixes: This update addresses the following issues: * Null pointer dereference in MD_UPDATE (CVE-2021-4209) * Double free during gnutls_pkcs7_verify. (CVE-2022-2509)
--- mirror/ftp/pool/main/g/gnutls28/gnutls28_3.6.7-4+deb10u7.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/gnutls28_3.6.7-4+deb10u9.dsc @@ -1,3 +1,15 @@ +3.6.7-4+deb10u9 [Wed, 10 Aug 2022 14:59:38 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Non-maintainer upload by the LTS Team. + * CVE-2022-2509: double free in gnutls_pkcs7_verify. + * CVE-2021-4209: null pointer dereference in wrap_nettle_hash_fast. + +3.6.7-4+deb10u8 [Mon, 21 Mar 2022 22:46:29 +0100] Sebastian Andrzej Siewior <sebastian@breakpoint.cc>: + + * Non-maintainer upload. + * Backport 48_testcompat-openssl-improve-testing-against-secured-O.patch to + pass testsuite with openssl 1.1.1e. + 3.6.7-4+deb10u7 [Fri, 14 May 2021 13:33:38 +0200] Andreas Metzler <ametzler@debian.org>: * 46_handshake-reject-no_renegotiation-alert-if-handshake.patch pulled from <http://piuparts.knut.univention.de/5.0-2/#6016256816908179683>
OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-2] eb1c098ebe Bug #55095: gnutls28 3.6.7-4+deb10u9 doc/errata/staging/gnutls28.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x383>