Format: 1.8
Date: Tue, 15 Jul 2025 07:02:19 +0200
Source: gnutls28
Binary: gnutls-bin gnutls-bin-dbgsym guile-gnutls guile-gnutls-dbgsym libgnutls-dane0 libgnutls-dane0-dbgsym libgnutls-openssl27 libgnutls-openssl27-dbgsym libgnutls28-dev libgnutls30 libgnutls30-dbgsym libgnutlsxx30 libgnutlsxx30-dbgsym
Architecture: amd64
Version: 3.7.9-2+deb12u5
Distribution: bookworm-security
Urgency: medium
Maintainer: amd64 Build Daemon (x86-grnet-01)
Changed-By: Andreas Metzler
Description:
 gnutls-bin - GNU TLS library - commandline utilities
 guile-gnutls - GNU TLS library - GNU Guile bindings
 libgnutls-dane0 - GNU TLS library - DANE security support
 libgnutls-openssl27 - GNU TLS library - OpenSSL wrapper
 libgnutls28-dev - GNU TLS library - development files
 libgnutls30 - GNU TLS library - main runtime library
 libgnutlsxx30 - GNU TLS library - C++ runtime library
Changes:
 gnutls28 (3.7.9-2+deb12u5) bookworm-security; urgency=medium
 .
   * Cherry-pick fixes from 3.8.10 release:
     + libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK
       Reported by Stefan Bühler. [GNUTLS-SA-2025-07-07-4, CVSS: medium]
       [CVE-2025-6395]
     + libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps
       Spotted by oss-fuzz and reported by OpenAI Security Research Team,
       and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1,
       CVSS: medium] [CVE-2025-32989]
     + libgnutls: Fix double-free upon error when exporting otherName in SAN
       Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2,
       CVSS: low] [CVE-2025-32988]
     + certtool: Fix 1-byte write buffer overrun when parsing template
       Reported by David Aitel. [GNUTLS-SA-2025-07-07-3, CVSS: low]
       [CVE-2025-32990]
     + Fixes for memory leaks in lib/x509/x509_ext.c and
       lib/hello_ext.c.
     + Fix uninitialized memory read while processing the "pre_shared_key"
       extension in TLS 1.3.
     + Avoid uninitialized use of crq version.