Format: 1.8
Date: Tue, 15 Jul 2025 07:02:19 +0200
Source: gnutls28
Binary: gnutls-bin gnutls-bin-dbgsym guile-gnutls guile-gnutls-dbgsym libgnutls-dane0 libgnutls-dane0-dbgsym libgnutls-openssl27 libgnutls-openssl27-dbgsym libgnutls28-dev libgnutls30 libgnutls30-dbgsym libgnutlsxx30 libgnutlsxx30-dbgsym
Architecture: s390x
Version: 3.7.9-2+deb12u5
Distribution: bookworm-security
Urgency: medium
Maintainer: s390x Build Daemon (zani)
Changed-By: Andreas Metzler
Description:
 gnutls-bin - GNU TLS library - commandline utilities
 guile-gnutls - GNU TLS library - GNU Guile bindings
 libgnutls-dane0 - GNU TLS library - DANE security support
 libgnutls-openssl27 - GNU TLS library - OpenSSL wrapper
 libgnutls28-dev - GNU TLS library - development files
 libgnutls30 - GNU TLS library - main runtime library
 libgnutlsxx30 - GNU TLS library - C++ runtime library
Changes:
 gnutls28 (3.7.9-2+deb12u5) bookworm-security; urgency=medium
 .
   * Cherry-pick fixes from 3.8.10 release:
     + libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK
       Reported by Stefan Bühler. [GNUTLS-SA-2025-07-07-4, CVSS: medium]
       [CVE-2025-6395]
     + libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps
       Spotted by oss-fuzz and reported by OpenAI Security Research Team,
       and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1,
       CVSS: medium] [CVE-2025-32989]
     + libgnutls: Fix double-free upon error when exporting otherName in SAN
       Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2,
       CVSS: low] [CVE-2025-32988]
     + certtool: Fix 1-byte write buffer overrun when parsing template
       Reported by David Aitel. [GNUTLS-SA-2025-07-07-3, CVSS: low]
       [CVE-2025-32990]
     + Fixes for memory leaks in lib/x509/x509_ext.c and
       lib/hello_ext.c.
     + Fix uninitialized memory read while processing the "pre_shared_key"
       extension in TLS 1.3.
     + Avoid uninitialized use of crq version.