Your message dated Sun, 03 Dec 2023 12:32:10 +0000
with message-id <[email protected]>
and subject line Bug#1056188: fixed in gnutls28 3.7.9-2+deb12u1
has caused the Debian Bug report #1056188,
regarding gnutls28: CVE-2023-5981: timing side-channel inside RSA-PSK key exchange
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1056188: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056188
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gnutls28
Version: 3.8.1-4
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/gnutls/gnutls/-/issues/1511
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
[Andreas, just filing for having a BTS reference, realize you know
already]
The following vulnerability was published for gnutls28.
CVE-2023-5981[0]:
| timing side-channel inside RSA-PSK key exchange
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-5981
https://www.cve.org/CVERecord?id=CVE-2023-5981
[1] https://gitlab.com/gnutls/gnutls/-/issues/1511
[2] https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23
[3] https://gitlab.com/gnutls/gnutls/-/commit/29d6298d0b04cfff970b993915db71ba3f580b6d
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gnutls28
Source-Version: 3.7.9-2+deb12u1
Done: Andreas Metzler <[email protected]>
We believe that the bug you reported is fixed in the latest version of
gnutls28, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated gnutls28 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 30 Nov 2023 07:50:48 +0100
Source: gnutls28
Architecture: source
Version: 3.7.9-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Closes: 1056188
Changes:
gnutls28 (3.7.9-2+deb12u1) bookworm; urgency=medium
.
* Backport fix for CVE-2023-5981 / GNUTLS-SA-2023-10-23 (timing sidechannel
in RSA-PSK key exchange) from 3.8.2. Closes: #1056188
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---