Bug#963703: stretch-pu: package gnutls28/3.5.8-5+deb9u5

To: Andreas Metzler <ametzler@bebt.de>, 963703@bugs.debian.org
Subject: Bug#963703: stretch-pu: package gnutls28/3.5.8-5+deb9u5
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 25 Jun 2020 23:44:00 +0200
Message-id: <[🔎] 20200625214400.GA2438668@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 963703@bugs.debian.org
In-reply-to: <[🔎] 20200625154142.GB1443@argenau.bebt.de>
References: <[🔎] 20200625153729.GA197447@argenau.bebt.de> <[🔎] 20200625153729.GA197447@argenau.bebt.de> <[🔎] 20200625154142.GB1443@argenau.bebt.de> <[🔎] 20200625153729.GA197447@argenau.bebt.de>

Hi Andreas,

On Thu, Jun 25, 2020 at 05:41:42PM +0200, Andreas Metzler wrote:
> On 2020-06-25 Andreas Metzler <ametzler@bebt.de> wrote:
> [...]
> > * Pull fixes for CVE-2019-3836 / [GNUTLS-SA-2019-03-27, #694].
> >   + 40_casts_related_to_fix_CVE-2019-3829.patch
> >   + 40_rel3.6.7_01-Automatically-NULLify-after-gnutls_free.patch
> >   + 40_rel3.6.7_01-fuzz-added-fuzzer-for-certificate-verification.patch
> >   + 41_use_datefudge_to_trigger_CVE-2019-3829_testcase.diff
> > * More important fixes:
> >   + 43_rel3.6.14_10-session_pack-fix-leak-in-error-path.patch
> > [One-line-fix for memleak]

Only noticed too late, but the above CVE reference should be
CVE-2019-3829 in the "Pull fixes for ..." changelog entry.

Regards,
Salvatore

Reply to:

Follow-Ups:
- Bug#963703: stretch-pu: package gnutls28/3.5.8-5+deb9u5
  - From: Andreas Metzler <ametzler@bebt.de>

References:
- Bug#963703: stretch-pu: package gnutls28/3.5.8-5+deb9u5
  - From: Andreas Metzler <ametzler@bebt.de>
- Bug#963703: stretch-pu: package gnutls28/3.5.8-5+deb9u5
  - From: Andreas Metzler <ametzler@bebt.de>

Prev by Date: Bug#962867: transition: qtbase-opensource-src
Next by Date: Bug#963703: stretch-pu: package gnutls28/3.5.8-5+deb9u5
Previous by thread: Bug#963703: stretch-pu: package gnutls28/3.5.8-5+deb9u5
Next by thread: Bug#963703: stretch-pu: package gnutls28/3.5.8-5+deb9u5
Index(es):
- Date
- Thread