Your message dated Fri, 01 Jul 2022 15:32:10 +0000
with message-id <[email protected]>
and subject line Bug#1011246: fixed in gnutls28 3.7.1-5+deb11u1
has caused the Debian Bug report #1011246,
regarding please backport SSSE3 SHA384 fix from mainline
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1011246: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011246
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libgnutls30
Version: 3.7.1-5
Severity: normal
Tags: patch
GNUTLS in stable is susceptible to the problem that has been fixed in
the main branch. Calculating several SHA-384 hashes w/o reinit can
result in miscalculation of the hashes. This has been fixed upstream in
[1]. Please provide a backport of this patch.
[1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1466
--
With best wishes
Dmitry
-- System Information:
Debian Release: 11.3
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.17.0-1-amd64 (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/bash
Init: systemd (via /run/systemd/system)
Versions of packages libgnutls30 depends on:
ii libc6 2.33-7
ii libgmp10 2:6.2.1+dfsg-1+deb11u1
ii libhogweed6 3.7.3-1
ii libidn2-0 2.3.0-5
ii libnettle8 3.7.3-1
ii libp11-kit0 0.23.22-1
ii libtasn1-6 4.16.0-2
ii libunistring2 0.9.10-4
libgnutls30 recommends no packages.
Versions of packages libgnutls30 suggests:
pn gnutls-bin <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: gnutls28
Source-Version: 3.7.1-5+deb11u1
Done: Andreas Metzler <[email protected]>
We believe that the bug you reported is fixed in the latest version of
gnutls28, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated gnutls28 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 14 Jun 2022 18:55:44 +0200
Source: gnutls28
Architecture: source
Version: 3.7.1-5+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Closes: 1011246
Changes:
gnutls28 (3.7.1-5+deb11u1) bullseye; urgency=medium
.
* 56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch: Backport SSSE3 SHA384
miscalculation fix from 3.7.3. Closes: #1011246
* 56_45-wrap_nettle_hash_fast-avoid-calling-_update-with-zer.patch from
3.7.3: Fix null-pointer dereference flaw. CVE-2021-4209
Checksums-Sha1:
e28a68510089412d856d274dd0db6ee4e7c5ba89 3519 gnutls28_3.7.1-5+deb11u1.dsc
f44838bb47e9848ec25a3b810c37346db79638b3 89312
gnutls28_3.7.1-5+deb11u1.debian.tar.xz
Checksums-Sha256:
c5f5868b77c36060987257149e56d9198a4030a18e292e3565cd18ce5f999571 3519
gnutls28_3.7.1-5+deb11u1.dsc
1045fd529c06230e6476d000c5a0f7f5ad3f380e75d2c93101e0ee6a07b740f6 89312
gnutls28_3.7.1-5+deb11u1.debian.tar.xz
Files:
318e2a80dd26f1b2f06077c65f032fe5 3519 libs optional
gnutls28_3.7.1-5+deb11u1.dsc
2519f0c84332d38666468197c927debd 89312 libs optional
gnutls28_3.7.1-5+deb11u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAmKoxH8ACgkQpU8BhUOC
FIR0GA/9G9273RngR9bFz9LZ1STFsZxFjNaZmDwtj9nDfJt4G+P6nNJx+qWHaA+C
08I2NTQuRnMvtLkA0RK1lFZQS9to+TZVY8oDpqo1sSxr9kYxV/CAmYnU5n5bdTOz
e/fpDu5nTpLiH9rnwNYcvxoUEuMbdsc6u4f8OIXuNbf+RR/8QAPmHFrTXP5zV61K
eVcH6UHasrSKs49+sZfYyG7ClCJ5Serzd0UetC37DWVEH9GceoB20st+Wrzeuklq
cPQtZtwktIb/FfIrqBL/29PhyIzB0r9M5Z1mg8QaVGmGX+gWLjGJ8umfI4zNt5SW
8oxIUxXvr45PfGMQ1n+EkLGrpsMlBxgDBarESaxKvOb0xs79nE5Ccn3d49ELv42p
MtlIpZOmAnimqYQ1L8PF41PidfrmKlxmvihhqD6y4FKS4tfJ+KzH0TCd7/vxTV9f
hM9VttDXh6CEBk+l2EhV0JgljSveQVugUjv+SZep0QOzIhROB+mI5FnxL5Sy50dI
0lmwBzs3UCG/ogtGcDLnnAPzzWwRWUwE6ZXcGKDIgve+djJ7vCuylNF01CD8Xozn
R1tMqVCary9byXMTF6O9/ytRknHU70jBX3FpWB1uraNYLwSeOh/Rmap5eXOqyWyn
kDgmGcfJW7Q/KIk43qK9YOaZ+FGF9ESPPziIBhPC+UBZb1/vmfI=
=DrdE
-----END PGP SIGNATURE-----
--- End Message ---
