Format: 1.8 Date: Fri, 12 Apr 2024 09:12:36 -0400 Source: gnutls28 Binary: gnutls-bin libgnutls-dane0 libgnutls-openssl27 libgnutls28-dev libgnutls30 Built-For-Profiles: noudeb Architecture: i386 i386_translations Version: 3.8.1-4ubuntu1.3 Distribution: mantic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: gnutls-bin - GNU TLS library - commandline utilities libgnutls-dane0 - GNU TLS library - DANE security support libgnutls-openssl27 - GNU TLS library - OpenSSL wrapper libgnutls28-dev - GNU TLS library - development files libgnutls30 - GNU TLS library - main runtime library Changes: gnutls28 (3.8.1-4ubuntu1.3) mantic-security; urgency=medium . * SECURITY UPDATE: side-channel leak via Minerva attack - debian/patches/CVE-2024-28834.patch: avoid normalization of mpz_t in deterministic ECDSA in lib/nettle/int/dsa-compute-k.c, lib/nettle/int/dsa-compute-k.h, lib/nettle/int/ecdsa-compute-k.c, lib/nettle/int/ecdsa-compute-k.h, lib/nettle/pk.c, tests/sign-verify-deterministic.c. - CVE-2024-28834 * SECURITY UPDATE: crash via specially-crafted cert bundle - debian/patches/CVE-2024-28835.patch: remove length limit of input in lib/gnutls_int.h, lib/x509/common.c, lib/x509/verify-high.c, tests/test-chains.h. - CVE-2024-28835 Checksums-Sha1: 2213a2d748751f5f626b67484c7298e476dd7c36 893310 gnutls-bin-dbgsym_3.8.1-4ubuntu1.3_i386.ddeb efadf7e88c1c72ed661d3076347250887e0cccf3 301624 gnutls-bin_3.8.1-4ubuntu1.3_i386.deb a356405507e979fb95633a24c8df427a6d3587c8 9630 gnutls28_3.8.1-4ubuntu1.3_i386.buildinfo aad3007df2d3b34454d14729fa6d45d0d21aba60 424183 gnutls28_3.8.1-4ubuntu1.3_i386_translations.tar.gz 05ea9ab2d987174f36e4f6c450086b3fe74b57cc 82228 libgnutls-dane0-dbgsym_3.8.1-4ubuntu1.3_i386.ddeb 9195a41e52f468a2a0e142362b33d28bebbdd10a 40726 libgnutls-dane0_3.8.1-4ubuntu1.3_i386.deb e0a8073c7e2681406feda4ff3ec751249a2e3efb 82744 libgnutls-openssl27-dbgsym_3.8.1-4ubuntu1.3_i386.ddeb 82b6d48825767f02f6e8f2ef8105974008451f3a 41142 libgnutls-openssl27_3.8.1-4ubuntu1.3_i386.deb 404e8df2013f3e5155cb9e9f1142ccb241b3d6bb 1119592 libgnutls28-dev_3.8.1-4ubuntu1.3_i386.deb 565ebb27672bf4a52241787e59b3ba7b4d32f022 1723024 libgnutls30-dbgsym_3.8.1-4ubuntu1.3_i386.ddeb c4569a9a707ddebea977244f37ad69a8e44cf6b3 1008020 libgnutls30_3.8.1-4ubuntu1.3_i386.deb Checksums-Sha256: 34ead141abff5f22af3fcf3024c53b4e15d12227940232a30e21ae007f43163e 893310 gnutls-bin-dbgsym_3.8.1-4ubuntu1.3_i386.ddeb 241197cdb8ae68c2c20a411bcd4f6a172dfb323d84731dd791c4f66cd8a26ca0 301624 gnutls-bin_3.8.1-4ubuntu1.3_i386.deb 37a3df8e65064030e5f31a6e1c2abcc53aabbd06d1de2cf5ca3bf3397b38f0d4 9630 gnutls28_3.8.1-4ubuntu1.3_i386.buildinfo be043752ceab6b854905cbe1db62e9f0a63d4d08a669e5575b0e24bd157d9456 424183 gnutls28_3.8.1-4ubuntu1.3_i386_translations.tar.gz 53953ce91208609ff9a7e76a23d1d685f192bb5ea5657f596f24477fc28a8613 82228 libgnutls-dane0-dbgsym_3.8.1-4ubuntu1.3_i386.ddeb 3647820bcc16f7f7455e9408176f62aef0d69aefe0a6b7602c33ee2a31a5093f 40726 libgnutls-dane0_3.8.1-4ubuntu1.3_i386.deb 0e462062b00c6350149b3d84686a7043f4fc5558147bece347b925af898d53fe 82744 libgnutls-openssl27-dbgsym_3.8.1-4ubuntu1.3_i386.ddeb d0e81fda7993726417581681a54072708f5a0b3d0f8d2ce7cc1012dfdd25018d 41142 libgnutls-openssl27_3.8.1-4ubuntu1.3_i386.deb fdd2681674070b48e54c8ff48d0d33006c3a3a26692e32fc99ba56ac1f8bd833 1119592 libgnutls28-dev_3.8.1-4ubuntu1.3_i386.deb 5fc3995af26b751a45e13befea9f5e7f4b6db8ce82d4e67ff65318117f1b0c17 1723024 libgnutls30-dbgsym_3.8.1-4ubuntu1.3_i386.ddeb 09e38a6e0359623c113ea65569b4c4260dbcb1f464044c5e50b3d3824bc0acd7 1008020 libgnutls30_3.8.1-4ubuntu1.3_i386.deb Files: 411cd190e3072b2a206d3c7b0f09af64 893310 debug optional gnutls-bin-dbgsym_3.8.1-4ubuntu1.3_i386.ddeb 1d3e91aa162f71be345a6daf88d44e2f 301624 net optional gnutls-bin_3.8.1-4ubuntu1.3_i386.deb 88ea63efe7e7f6c9cc84ef442b0ee34e 9630 libs optional gnutls28_3.8.1-4ubuntu1.3_i386.buildinfo 00387123b2b18123dedbab9e2de05d84 424183 raw-translations - gnutls28_3.8.1-4ubuntu1.3_i386_translations.tar.gz 27b4253ab6538640eec2a991cc324fa5 82228 debug optional libgnutls-dane0-dbgsym_3.8.1-4ubuntu1.3_i386.ddeb f8fa8c937e0c254847c999b51773ced3 40726 libs optional libgnutls-dane0_3.8.1-4ubuntu1.3_i386.deb 4ada6aa8c38e14de3e79c3169486df22 82744 debug optional libgnutls-openssl27-dbgsym_3.8.1-4ubuntu1.3_i386.ddeb f270a5e04bc46fd1ef5e8e609dc5898c 41142 libs optional libgnutls-openssl27_3.8.1-4ubuntu1.3_i386.deb c51873fef3214931f60585f1cb32f897 1119592 libdevel optional libgnutls28-dev_3.8.1-4ubuntu1.3_i386.deb e0df6eea0c95198d9b0125a3f65cbf6b 1723024 debug optional libgnutls30-dbgsym_3.8.1-4ubuntu1.3_i386.ddeb ab9cc13b8c8a3131606b2e4b22adc974 1008020 libs optional libgnutls30_3.8.1-4ubuntu1.3_i386.deb Original-Maintainer: Debian GnuTLS Maintainers