Bug#963703: stretch-pu: package gnutls28/3.5.8-5+deb9u5

To: Andreas Metzler <ametzler@bebt.de>, 963703@bugs.debian.org
Subject: Bug#963703: stretch-pu: package gnutls28/3.5.8-5+deb9u5
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Thu, 02 Jul 2020 20:15:21 +0100
Message-id: <[🔎] 0a71e7a76558578b80db1c1ee1425a72f006ba01.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 963703@bugs.debian.org
In-reply-to: <20200625153729.GA197447@argenau.bebt.de>
References: <20200625153729.GA197447@argenau.bebt.de> <20200625153729.GA197447@argenau.bebt.de>

Control: tags -1 + confirmed

On Thu, 2020-06-25 at 17:37 +0200, Andreas Metzler wrote:
> I would like to make a last bugfix upload to stretch:
> * Pull fixes for CVE-2019-3836 / [GNUTLS-SA-2019-03-27, #694].
>   + 40_casts_related_to_fix_CVE-2019-3829.patch
>   + 40_rel3.6.7_01-Automatically-NULLify-after-gnutls_free.patch
>   + 40_rel3.6.7_01-fuzz-added-fuzzer-for-certificate-
> verification.patch
>   + 41_use_datefudge_to_trigger_CVE-2019-3829_testcase.diff
> * More important fixes:
>   + 43_rel3.6.14_10-session_pack-fix-leak-in-error-path.patch
> [One-line-fix for memleak]
> 
>   + 44_rel3.6.14_10-Update-session_ticket.c-to-add-support-for-zero-
> leng.patch
>     Handle zero length session tickets, fixing connection errors on
> TLS1.2
>     sessions to some big hosting providers. (See LP 1876286)
> [Fixes connections to e.g. verizon popserver.]

Please go ahead.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#963703: stretch-pu: package gnutls28/3.5.8-5+deb9u5
  - From: Andreas Metzler <ametzler@bebt.de>

Prev by Date: Processed: Re: Bug#963703: stretch-pu: package gnutls28/3.5.8-5+deb9u5
Next by Date: Bug#935739: stretch-pu: package sendmail/8.15.2-8+deb9u1
Previous by thread: Processed: cacti 1.2.2+ds1-2+deb10u3 flagged for acceptance
Next by thread: Processed: Re: Bug#963703: stretch-pu: package gnutls28/3.5.8-5+deb9u5
Index(es):
- Date
- Thread