Please merge gnutls28 3.7.1-4 (main) from Debian unstable
Bug #1929229 reported by
William Wilson
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnutls28 (Ubuntu) |
Fix Released
|
Wishlist
|
William Wilson |
Bug Description
This requires a merge because there are changes in the Ubuntu version not present in the Debian version.
CVE References
Changed in gnutls28 (Ubuntu): | |
importance: | Undecided → Wishlist |
To post a comment you must log in.
I've gone ahead and uploaded this for impish but I made one modification to the changelog entry. I dropped the line regarding "* Merge CVE fixes CVE-2021-20231 CVE-2021-20232" because there isn't anything different about the Ubuntu version of the package from Debian. We can see that those CVE fixes were included in Debian.
gnutls28 (3.7.1-1) unstable; urgency=medium
* New upstream version SA-2021- 03-10. CVE-2021-20231 CVE-2021-20232
Fixes potential use-after-free in sending "key_share" and "pre_shared_key"
extensions. GNUTLS-
* Upload to unstable.
-- Andreas Metzler <email address hidden> Wed, 10 Mar 2021 19:02:31 +0100
I'm not sure why a previous uploader added that line to their changelog but it seems unnecessary.