Please merge gnutls28 3.7.1-4 (main) from Debian unstable

Bug #1929229 reported by William Wilson
This bug affects 1 person
Affects: gnutls28 (Ubuntu)
Status: Fix Released
Importance: Wishlist
Assigned to: William Wilson

Bug Description

This requires a merge because there are changes in the Ubuntu version not present in the Debian version.

William Wilson (jawn-smith) wrote :
Changed in gnutls28 (Ubuntu):
status: New → Confirmed
assignee: nobody → William Wilson (jawn-smith)
William Wilson (jawn-smith) wrote :
Mathew Hodson (mhodson)
Changed in gnutls28 (Ubuntu):
importance: Undecided → Wishlist
Brian Murray (brian-murray) wrote :

I've gone ahead and uploaded this for impish but I made one modification to the changelog entry. I dropped the line regarding "* Merge CVE fixes CVE-2021-20231 CVE-2021-20232" because there isn't anything different about the Ubuntu version of the package from Debian. We can see that those CVE fixes were included in Debian.

gnutls28 (3.7.1-1) unstable; urgency=medium

  * New upstream version
    Fixes potential use-after-free in sending "key_share" and "pre_shared_key"
    extensions. GNUTLS-SA-2021-03-10. CVE-2021-20231 CVE-2021-20232
  * Upload to unstable.

 -- Andreas Metzler <email address hidden> Wed, 10 Mar 2021 19:02:31 +0100

I'm not sure why a previous uploader added that line to their changelog but it seems unnecessary.

Brian Murray (brian-murray) wrote :

gnutls28 (3.7.1-4ubuntu1) impish; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
    TLS1.3 with medium security profile (2048 RSA keys minimum, and
    similar).
  * Fix FTBFS with lto - reduce parallelism to 2. LP: #1922004

gnutls28 (3.7.1-4) unstable; urgency=medium

  * Pull fixes from upstream Git master
    + Ensure array allocations overflow safe.
      https://gitlab.com/gnutls/gnutls/-/issues/1179
      56_15-mem-add-_gnutls_reallocarray-and-_gnutls_reallocarra.patch
      56_16-pkcs11x-find_ext_cb-fix-error-propagation.patch
      56_17-build-avoid-potential-integer-overflow-in-array-allo.patch
      56_18-build-avoid-integer-overflow-in-additions.patch
      56_19-_gnutls_calloc-remove-unused-function.patch
    + Add option to disable TLS 1.3 middlebox compatibility mode
      https://gitlab.com/gnutls/gnutls/-/issues/1208
      56_20-priority-add-option-to-disable-TLS-1.3-middlebox-com.patch
      (Changes gperf input file, add b-d on gperf.)
    + Fix session-id changing when responding to HelloRetryRequest
      56_24-handshake-don-t-regenerate-legacy_session_id-in-seco.patch
      https://gitlab.com/gnutls/gnutls/-/issues/1210
    + Fix timing of sending TLSv1.3 early data.
      56_28-handshake-fix-timing-of-sending-early-data.patch
      https://gitlab.com/gnutls/gnutls/-/issues/1146

 -- William 'jawn-smith' Wilson <email address hidden> Fri, 21 May 2021 10:29:32 -0600

Changed in gnutls28 (Ubuntu):
status: Confirmed → Fix Released