Bug#1135319: marked as done (gnutls28: CVE-2026-3832 CVE-2026-3833 CVE-2026-5260 CVE-2026-5419 CVE-2026-33845 CVE-2026-33846 CVE-2026-42009 CVE-2026-42010 CVE-2026-42011 CVE-2026-42012 CVE-2026-42013 CVE-2026-42014 CVE-2026-42015)

Debian Bug Tracking System Fri, 22 May 2026 14:19:17 -0700

Your message dated Fri, 22 May 2026 21:18:28 +0000
with message-id <[email protected]>
and subject line Bug#1135319: fixed in gnutls28 3.8.9-3+deb13u4
has caused the Debian Bug report #1135319,
regarding gnutls28: CVE-2026-3832 CVE-2026-3833 CVE-2026-5260 CVE-2026-5419 
CVE-2026-33845 CVE-2026-33846 CVE-2026-42009 CVE-2026-42010 CVE-2026-42011 
CVE-2026-42012 CVE-2026-42013 CVE-2026-42014 CVE-2026-42015
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1135319: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135319
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Source: gnutls28
Version: 3.8.12-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for gnutls28.

CVE-2026-3832[0], CVE-2026-3833[1], CVE-2026-5260[2],
CVE-2026-5419[3], CVE-2026-33845[4], CVE-2026-33846[5],
CVE-2026-42009[6], CVE-2026-42010[7], CVE-2026-42011[8],
CVE-2026-42012[9], CVE-2026-42013[10], CVE-2026-42014[11],
CVE-2026-42015[12].

Sorry Andreas for the very unspecific bug, it is merely to bring it on
to your readar, probably was not needed though. We will have to decide
how important the set of issues is for DSA or point release update.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-3832
    https://www.cve.org/CVERecord?id=CVE-2026-3832
[1] https://security-tracker.debian.org/tracker/CVE-2026-3833
    https://www.cve.org/CVERecord?id=CVE-2026-3833
[2] https://security-tracker.debian.org/tracker/CVE-2026-5260
    https://www.cve.org/CVERecord?id=CVE-2026-5260
[3] https://security-tracker.debian.org/tracker/CVE-2026-5419
    https://www.cve.org/CVERecord?id=CVE-2026-5419
[4] https://security-tracker.debian.org/tracker/CVE-2026-33845
    https://www.cve.org/CVERecord?id=CVE-2026-33845
[5] https://security-tracker.debian.org/tracker/CVE-2026-33846
    https://www.cve.org/CVERecord?id=CVE-2026-33846
[6] https://security-tracker.debian.org/tracker/CVE-2026-42009
    https://www.cve.org/CVERecord?id=CVE-2026-42009
[7] https://security-tracker.debian.org/tracker/CVE-2026-42010
    https://www.cve.org/CVERecord?id=CVE-2026-42010
[8] https://security-tracker.debian.org/tracker/CVE-2026-42011
    https://www.cve.org/CVERecord?id=CVE-2026-42011
[9] https://security-tracker.debian.org/tracker/CVE-2026-42012
    https://www.cve.org/CVERecord?id=CVE-2026-42012
[10] https://security-tracker.debian.org/tracker/CVE-2026-42013
    https://www.cve.org/CVERecord?id=CVE-2026-42013
[11] https://security-tracker.debian.org/tracker/CVE-2026-42014
    https://www.cve.org/CVERecord?id=CVE-2026-42014
[12] https://security-tracker.debian.org/tracker/CVE-2026-42015
    https://www.cve.org/CVERecord?id=CVE-2026-42015

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: gnutls28
Source-Version: 3.8.9-3+deb13u4
Done: Andreas Metzler <[email protected]>

We believe that the bug you reported is fixed in the latest version of
gnutls28, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated gnutls28 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 10 May 2026 13:15:39 +0200
Source: gnutls28
Architecture: source
Version: 3.8.9-3+deb13u4
Distribution: trixie-security
Urgency: high
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Closes: 1135319
Changes:
 gnutls28 (3.8.9-3+deb13u4) trixie-security; urgency=high
 .
   * Add 3.8.13 patchset from CentOS 10 security release.
     Fixes
     CVE-2026-33846
     CVE-2026-42009
     CVE-2026-33845
     CVE-2026-42010
     CVE-2026-3833
     CVE-2026-42011
     CVE-2026-42012
     CVE-2026-42013
     CVE-2026-42014
     CVE-2026-5260
     CVE-2026-42015
     CVE-2026-3832
     CVE-2026-5419
     and also adds a couple of fixes for issues without CVEs assigned.
     (For Debian base64-encode a testfile, quilt does not support git binary
     patches.)
     Closes: #1135319
   * Drop patches irrelevant for 3.8.9 from the CentOS patchset.
     The PKCS#11 [provider] feature was only added in 3.8.10.
   * Cherry-pick another patch to add a mising declaration.
Checksums-Sha1: 
 d951d114b353d17ccd1a10cd7eb950d63582e11c 3271 gnutls28_3.8.9-3+deb13u4.dsc
 64963c11663d6384123657509dbaa0556e6122c7 140880 
gnutls28_3.8.9-3+deb13u4.debian.tar.xz
Checksums-Sha256: 
 f1153e91212bdf60acf66cb62713ad4ed577f2e85f578a04df31a5619624c1e1 3271 
gnutls28_3.8.9-3+deb13u4.dsc
 f0b9c7d182072f0bbdb281304686aa6e2bfd343dadefa432ec4dab4893e9841f 140880 
gnutls28_3.8.9-3+deb13u4.debian.tar.xz
Files: 
 7774b56b8516eeb053bb6fb808035c6b 3271 libs optional 
gnutls28_3.8.9-3+deb13u4.dsc
 38f664bc59e3bb4ad032ed55b09c6b97 140880 libs optional 
gnutls28_3.8.9-3+deb13u4.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAmoAcdoACgkQpU8BhUOC
FIQJDw//cvNX/dy1RBPcMf4wcBmkAc3FFA7BXMb7gvGfOpwmFui0v0bnnowNxd7Y
VLYVmvBD4cJSDV9Vo8E1ZW9q+fNkrEdNGvH1xJ0onxmqlk5YnGpVPVvD00WX63z0
cFrl0wWGlcP+Xhp16XxfDt+f5zz9QVVcyAodinMiqck58FVVfpQpiNAZpL+fLjPF
xei8Fa3n7jK+u+0PPR9oYHaD5vZ6IfQdoy8Ajk377J0l9+T1eMVnzLqYBW8oeNAL
MWaM97at/CKRYIOTKR+xYPc7LeqIKTUyQYfcS/I0MbPN3veJjeHOhl1P/H9t/1P9
Iten6zX+25eQ5t10zrvdoNkSYPY5WFsGYdq9aSjn9mMr7gGVS+IKUelG+Ps7WS5o
uMKGCL4YZbMIh75VRG4eploOGJU4TuKXL4ouvADZ6be2ibRicWxjxuw4lj2peqHU
9R/ZXK+pV90nkkGUj5Jwq2ul7XixuQgRDlzuyppC/1lad6X1fDf3wkSKWQNrb377
VlNqnwbZuWFbQ4w1PmkmlDRSFAKjxoQZvSdGkgyGoJ1CR9z7Jngxh0pUeHX6A1iG
rqZPbq3/UMrDzKfFWAy7UqXT8XwuNFvHqpfcNI1brV8ezHK+nniwlcDXT185+89t
HRU0Uqbf0/boMI9GyVnWQONsAoUuG0KFay4L1so79OBG5oW+ViU=
=EpDD
-----END PGP SIGNATURE-----

pgp682mZfOfOo.pgp
Description: PGP signature

--- End Message ---

Bug#1135319: marked as done (gnutls28: CVE-2026-3832 CVE-2026-3833 CVE-2026-5260 CVE-2026-5419 CVE-2026-33845 CVE-2026-33846 CVE-2026-42009 CVE-2026-42010 CVE-2026-42011 CVE-2026-42012 CVE-2026-42013 CVE-2026-42014 CVE-2026-42015)

Reply via email to