Ubuntu
gnutls28 package

gnutls28: merge 3.7.9-1

Bug #2013091 reported by Adrien Nader
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gnutls28 (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

gnutls28 (3.7.9-1) unstable; urgency=medium
.
  * Drop unused lintian override.
  * New upstream version.
    + Drop cherrypicked patches.

### debian/patches/series diff between Ubuntu and Debian ###

diff --git a/debian/patches/series b/debian/patches/series
index eb1315c29..00628b3db 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,9 @@
 40_srptest_doubletimeout.diff
 50_Fix-removal-of-duplicate-certs-during-verification.patch
 51_add-gnulib-linkedhash-list-module.diff
+55_01-auth-rsa-side-step-potential-side-channel.patch
+55_02-rsa-remove-dead-code.patch
+55_03-document-the-CVE-fix.patch
+
+# Ubuntu patches
+9259100633b77a0dc03f83047d7cf778466bf9f3.patch

### debian/ diff stats between Debian current and previous versions ###

 debian/changelog | 8 ++++++++
 debian/copyright | 13 ++++++++-----
 debian/patches/55_01-auth-rsa-side-step-potential-side-channel.patch | 53 -----------------------------------------------------
 debian/patches/55_02-rsa-remove-dead-code.patch | 84 ------------------------------------------------------------------------------------
 debian/patches/55_03-document-the-CVE-fix.patch | 37 -------------------------------------
 debian/patches/series | 3 ---
 debian/source/lintian-overrides | 3 ---
 7 files changed, 16 insertions(+), 185 deletions(-)

### Total diff stats summary between Debian current and previous versions ###

 1330 files changed, 22357 insertions(+), 17288 deletions(-)

CVE References

Revision history for this message
Adrien Nader (adrien) wrote :

I think this is actually not needed.

3.7.8-5 contains all the patches from 3.7.9 that matter. It's actually visible from the 3.7.8-5 changelog:
  Effectively update to 3.7.9, fixing GNUTLS-SA-2020-07-14 / CVE-2023-0361

Changed in gnutls28 (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.