Back to gnutls28 PTS page

Accepted gnutls28 3.3.8-6+deb8u5 (all source) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 27 Apr 2017 18:10:51 +0200
Source: gnutls28
Binary: libgnutls28-dev libgnutls-deb0-28 libgnutls28-dbg gnutls-bin gnutls-doc guile-gnutls libgnutlsxx28 libgnutls-openssl27
Architecture: all source
Version: 3.3.8-6+deb8u5
Distribution: jessie
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Description: 
 gnutls-bin - GNU TLS library - commandline utilities
 gnutls-doc - GNU TLS library - documentation and examples
 guile-gnutls - GNU TLS library - GNU Guile bindings
 libgnutls28-dbg - GNU TLS library - debugger symbols
 libgnutls28-dev - GNU TLS library - development files
 libgnutls-deb0-28 - GNU TLS library - main runtime library
 libgnutls-openssl27 - GNU TLS library - OpenSSL wrapper
 libgnutlsxx28 - GNU TLS library - C++ runtime library
Changes:
 gnutls28 (3.3.8-6+deb8u5) jessie; urgency=medium
 .
   * Pull multiple fixes from gnutls_3_3_x branch:
     + 55_00_pkcs12-fixed-the-calculation-of-p_size.patch
       Fixed issue in PKCS#12 password encoding, which truncated
       passwords over 32-characters. Reported by Mario Klebsch.
     + 55_01_gnutls_x509_ext_import_proxy-fix-issue-reading-the-p.patch
       Fix double free in certificate information printing. If the PKIX
       extension proxy was set with a policy language set but no policy
       specified, that could lead to a double free. [GNUTLS-SA-2017-1]
       CVE-2017-5334
     + 55_02_auth-rsa-eliminated-memory-leak-on-pkcs-1-formatting.patch
       Addressed memory leak in server side error path (issue found using
       oss-fuzz project)
     + 55_03_opencdk-Fixes-to-prevent-undefined-behavior-found-wi.patch
       55_04_Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch
       55_05_Attempt-to-fix-a-leak-in-OpenPGP-cert-parsing.patch
       55_06_Corrected-a-leak-in-OpenPGP-sub-packet-parsing.patch
       55_07_opencdk-read_attribute-added-more-precise-checks-whe.patch
       55_08_opencdk-cdk_pk_get_keyid-fix-stack-overflow.patch
       55_09_opencdk-added-error-checking-in-the-stream-reading-f.patch
       55_10_opencdk-improved-error-code-checking-in-the-stream-r.patch
       55_11_opencdk-read-packet.c-corrected-typo-in-type-cast.patch
       Addressed memory leaks and an infinite loop in OpenPGP certificate
       parsing. Fixes by Alex Gaynor. (issues found using oss-fuzz project)
       Addressed invalid memory accesses in OpenPGP certificate parsing.
       (issues found using oss-fuzz project) [GNUTLS-SA-2017-2]
       CVE-2017-5335 / CVE-2017-5336 / CVE-2017-5337
     + 55_12_gnutls_pkcs11_obj_list_import_url2-Always-return-an-.patch
       When returning success, but no elements,
       gnutls_pkcs11_obj_list_import_url4, could have returned zero number of
       elements with a pointer that was uninitialized. Ensure that an
       initialized (i.e., null in that case), pointer is always returned.
     + 55_13_cdk_pkt_read-enforce-packet-limits.patch Addressed integer
       overflow resulting to invalid memory write in OpenPGP certificate
       parsing.  Issue found using oss-fuzz project:
       https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
       [GNUTLS-SA-2017-3A] CVE-2017-7869
     + 55_14_opencdk-read_attribute-account-buffer-size.patch Addressed read
       of 1 byte past the end of buffer in OpenPGP certificate parsing. Issue
       found using oss-fuzz project:
       https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
       (This patch is from gnutls_3_5_x branch.)
     + 55_15_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch
       Addressed crashes in OpenPGP certificate parsing, related to private key
       parser. No longer allow OpenPGP certificates (public keys) to contain
       private key sub-packets. Issue found using oss-fuzz project:
       https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
       https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
       [GNUTLS-SA-2017-3B]
     + 55_16_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch
       Addressed large allocation in OpenPGP certificate parsing, that could
       lead in out-of-memory condition. Issue found using oss-fuzz project, and
       was fixed by Alex Gaynor:
       https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
       [GNUTLS-SA-2017-3C]
Checksums-Sha1: 
 4e8d1672d1a0b41d352bd5c91adb4e7dff63f192 2958 gnutls28_3.3.8-6+deb8u5.dsc
 ce6241850b3f6520b32ad15d4b398e4769fd2a95 104392 gnutls28_3.3.8-6+deb8u5.debian.tar.xz
 de484ee2bc2a1f11f523aa7cbd23700da6a57b12 3628304 gnutls-doc_3.3.8-6+deb8u5_all.deb
Checksums-Sha256: 
 1143c5b76a6899ab266e1e33840d87026108c4623a2ae4c44d1f00a9643ef54d 2958 gnutls28_3.3.8-6+deb8u5.dsc
 fa47161ac81d77daaa7269e22f0edc037c356dc4386ba785ab201b681c1a9328 104392 gnutls28_3.3.8-6+deb8u5.debian.tar.xz
 f2ad5361e395e31832fae73a1d2e63d18b59d9847aae3fd894946c83e926275d 3628304 gnutls-doc_3.3.8-6+deb8u5_all.deb
Files: 
 f9a9a26fd919f01efbc1b32d59420447 2958 libs optional gnutls28_3.3.8-6+deb8u5.dsc
 c79e1d2e63dd704dce6e0ef783f403fc 104392 libs optional gnutls28_3.3.8-6+deb8u5.debian.tar.xz
 59b740c649371a4ff67695a7ff26f618 3628304 doc optional gnutls-doc_3.3.8-6+deb8u5_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAlkCG1EACgkQpU8BhUOC
FIRSeRAAgUnJMPCug4UbUV5ZQUXKOUMRLsnQb9ospZO9NaIWS6/bo1GJ1mRJLCN2
WMaXCWacgLHjB/tsQ8sWKFGbwYwIsBdu1gn8qSwgkcWfJf5mcTRB7uX9YZN4hU0r
BHS1dY9x4lnO2uOPhhKfjaatc+rw1YkiNDx5B87c8vTrCMyRm5EeJIv2iCYe+qR6
HlJtC+uF8jxwIYmSxuV0nfnP7EVQZzwY2lEDMGbY25LkVX257O7K2CirmKu0XbTm
EjM9U0gM3cPgORqd5neSMTqYEmThm8V1Eb/A0lobqsKfC0Gj08VeXsKOZHQg1sHX
VAs/rMcgrZbgxkEJyTgnhm1l83XLAXWO0gDX+UE16hdAG1lwpzXjnC2jIXXzGZUC
ZTLkN/xv0l5ZiUKJiRj2yp8z5QKhXED5jd1eHm5UqVeDM6j1apDs8ZvfowFMHcZQ
8F8AK2mBc8x9cikKFmyBeKRWyS8GtenbTGDIqXic1AerJw2EbDgfdYgANV6w/vtA
XmUI6mICgz+0OFLBWvOsN5zPdS+PQ7b4jcTB0877LsZ61m6oEbUg9Ei2V7Nu+Ly/
e0IR0mxLezLu1oMIzpIHgXfVlopE7vrlVW6ZFkOK4axVTt6lLi8JLqB05AkKQVz/
AmtfNN4PdKjzWUesl22FKxXDHIpxaHJLVK52nS8+mxEDWPlSZfc=
=vy3M
-----END PGP SIGNATURE-----