• Accepted gnutls28 3.6.7-4+deb10u7 (source) into proposed-updates->stabl

    From Debian FTP Masters@21:1/5 to All on Fri May 21 17:20:01 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Fri, 14 May 2021 13:33:38 +0200
    Source: gnutls28
    Architecture: source
    Version: 3.6.7-4+deb10u7
    Distribution: buster
    Urgency: medium
    Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>
    Changed-By: Andreas Metzler <ametzler@debian.org>
    Closes: 969547
    Changes:
    gnutls28 (3.6.7-4+deb10u7) buster; urgency=medium
    .
      * 46_handshake-reject-no_renegotiation-alert-if-handshake.patch pulled from
        3.6.15: It was found by oss-fuzz that the server sending a
        "no_renegotiation" alert in an unexpected timing, followed by an invalid
        second handshake can cause a TLS 1.3 client to crash via a null-pointer
        dereference. The crash happens in the application's error handling path,
        where the gnutls_deinit function is called after detecting a handshake
        failure.
        GNUTLS-SA-2020-09-04 CVE-2020-24659 Closes: #969547
      * Pull multiple fixes designated for 3.6.15 bugfix release:
        + 47_rel3.6.16_01-gnutls_buffer_append_data-remove-duplicated-code.patch
        + 47_rel3.6.16_02-_gnutls_buffer_resize-add-option-to-use-allocation-s.patch
        + 47_rel3.6.16_03-key_share-avoid-use-after-free-around-realloc.patch
          (CVE-2021-20231) and
          47_rel3.6.16_04-pre_shared_key-avoid-use-after-free-around-realloc.patch
          (CVE-2021-20232), both together GNUTLS-SA-2021-03-10.
        + 47_rel3.6.16_05-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch
        + 47_rel3.6.16_06-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch
    Checksums-Sha1:
    cf8b7b92308275d1d6d7b7a9c58a6039d8492e84 3354 gnutls28_3.6.7-4+deb10u7.dsc
    825902146b9c4327a6c2c463f069923ec2acf6e0 94000 gnutls28_3.6.7-4+deb10u7.debian.tar.xz
    Checksums-Sha256:
    dac5aff80109fa5e05f4ab1cb5d402ee9caeefebaa12daf034bcdd7e614af6b2 3354 gnutls28_3.6.7-4+deb10u7.dsc
    4f399badd85387e1dd42c811e16d10c4c22196e57142a7325ec44c52b3c6a168 94000 gnutls28_3.6.7-4+deb10u7.debian.tar.xz
    Files:
    c83e0ea3759cb3d38c35926af212a309 3354 libs optional gnutls28_3.6.7-4+deb10u7.dsc
    e485ece5bac5eca4d5d183943953e515 94000 libs optional gnutls28_3.6.7-4+deb10u7.debian.tar.xz

    -----BEGIN PGP SIGNATURE-----

    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)