-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 15 Jul 2025 07:02:19 +0200
Source: gnutls28
Binary: gnutls-bin gnutls-bin-dbgsym guile-gnutls guile-gnutls-dbgsym libgnutls-dane0 libgnutls-dane0-dbgsym libgnutls-openssl27 libgnutls-openssl27-dbgsym libgnutls28-dev libgnutls30 libgnutls30-dbgsym libgnutlsxx30 libgnutlsxx30-dbgsym
Architecture: armhf
Version: 3.7.9-2+deb12u5
Distribution: bookworm-security
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-05)
Changed-By: Andreas Metzler
Description:
 gnutls-bin - GNU TLS library - commandline utilities
 guile-gnutls - GNU TLS library - GNU Guile bindings
 libgnutls-dane0 - GNU TLS library - DANE security support
 libgnutls-openssl27 - GNU TLS library - OpenSSL wrapper
 libgnutls28-dev - GNU TLS library - development files
 libgnutls30 - GNU TLS library - main runtime library
 libgnutlsxx30 - GNU TLS library - C++ runtime library
Changes:
 gnutls28 (3.7.9-2+deb12u5) bookworm-security; urgency=medium
 .
   * Cherry-pick fixes from 3.8.10 release:
     + libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK
       Reported by Stefan Bühler. [GNUTLS-SA-2025-07-07-4, CVSS: medium]
       [CVE-2025-6395]
     + libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps
       Spotted by oss-fuzz and reported by OpenAI Security Research Team,
       and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1,
       CVSS: medium] [CVE-2025-32989]
     + libgnutls: Fix double-free upon error when exporting otherName in SAN
       Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2,
       CVSS: low] [CVE-2025-32988]
     + certtool: Fix 1-byte write buffer overrun when parsing template
       Reported by David Aitel. [GNUTLS-SA-2025-07-07-3, CVSS: low]
       [CVE-2025-32990]
     + Fixes for memory leaks in lib/x509/x509_ext.c and lib/hello_ext.c.
     + Fix uninitialized memory read while processing the "pre_shared_key"
       extension in TLS 1.3.
     + Avoid uninitialized use of crq version.