Format: 1.8
Date: Tue, 15 Jul 2025 07:02:19 +0200
Source: gnutls28
Binary: gnutls-bin gnutls-bin-dbgsym guile-gnutls guile-gnutls-dbgsym libgnutls-dane0 libgnutls-dane0-dbgsym libgnutls-openssl27 libgnutls-openssl27-dbgsym libgnutls28-dev libgnutls30 libgnutls30-dbgsym libgnutlsxx30 libgnutlsxx30-dbgsym
Architecture: arm64
Version: 3.7.9-2+deb12u5
Distribution: bookworm-security
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-02)
Changed-By: Andreas Metzler
Description:
 gnutls-bin - GNU TLS library - commandline utilities
 guile-gnutls - GNU TLS library - GNU Guile bindings
 libgnutls-dane0 - GNU TLS library - DANE security support
 libgnutls-openssl27 - GNU TLS library - OpenSSL wrapper
 libgnutls28-dev - GNU TLS library - development files
 libgnutls30 - GNU TLS library - main runtime library
 libgnutlsxx30 - GNU TLS library - C++ runtime library
Changes:
 gnutls28 (3.7.9-2+deb12u5) bookworm-security; urgency=medium
 .
   * Cherry-pick fixes from 3.8.10 release:
     + libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK
       Reported by Stefan Bühler. [GNUTLS-SA-2025-07-07-4, CVSS: medium]
       [CVE-2025-6395]
     + libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps
       Spotted by oss-fuzz and reported by OpenAI Security Research Team,
       and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1,
       CVSS: medium] [CVE-2025-32989]
     + libgnutls: Fix double-free upon error when exporting otherName in SAN
       Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2,
       CVSS: low] [CVE-2025-32988]
     + certtool: Fix 1-byte write buffer overrun when parsing template
       Reported by David Aitel. [GNUTLS-SA-2025-07-07-3, CVSS: low]
       [CVE-2025-32990]
     + Fixes for memory leaks in lib/x509/x509_ext.c and lib/hello_ext.c.
     + Fix uninitialized memory read while processing the "pre_shared_key"
       extension in TLS 1.3.
     + Avoid uninitialized use of crq version.