Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package gnutls28.

This is an upstream bugfix release featuring two security fixes:

+ Fixes a memory corruption (double free) vulnerability in the certificate verification API. https://gitlab.com/gnutls/gnutls/issues/694 CVE-2019-3829 GNUTLS-SA-2019-03-27
+ Fixes an invalid pointer access via malformed TLS1.3 async messages; https://gitlab.com/gnutls/gnutls/issues/704 CVE-2019-3836 GNUTLS-SA-2019-03-27

One of these is fixed by a hardening measure (gnutls_free() will automatically set the free'd pointer to NULL.)

It also unbreaks vlc (#922879) and has some TLS1.3 related changes.

The straight debdiff is huge, because of a) usual release updates of autogenerated files and b) because it includes a global 's/http:/https:/'. Stripped down debdiff is attached.

unblock gnutls28/3.6.7-2

cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.'
`I sew his ears on from time to time, sure'

smaller.debdiff.diff.xz
Description: application/xz
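
Added example, not part of the original message and not GnuTLS code: a C sketch of the free-and-clear hardening the message mentions, showing why it neutralises a double free on an error path. The single-slot allocator, the `demo_free_null` macro and `struct cert_ctx` are hypothetical stand-ins; the third case shows that a second copy of the pointer is not protected.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed single-slot allocator: tracks liveness so a repeated free is
   counted instead of corrupting a real heap. */
static unsigned char slot[64];
static int slot_live;
static int double_frees;

static void *demo_alloc(void) { slot_live = 1; return slot; }

static void demo_free(void *p)
{
    if (p == NULL)
        return;                 /* like free(NULL): no-op */
    if (!slot_live) {
        double_frees++;         /* stale pointer released a second time */
        return;
    }
    slot_live = 0;
}

/* Hypothetical free-and-clear wrapper modelling the described hardening. */
#define demo_free_null(p) (demo_free((void *)(p)), (p) = NULL)

struct cert_ctx { unsigned char *der; };

enum mode { PLAIN, HARDENED, HARDENED_ALIAS };

/* Returns how many double frees the error path plus the cleanup cause. */
static int run(enum mode m)
{
    struct cert_ctx ctx = { demo_alloc() };
    unsigned char *alias = ctx.der;   /* second reference to the buffer */

    double_frees = 0;
    if (m == PLAIN)
        demo_free(ctx.der);           /* error path: ctx.der left dangling */
    else
        demo_free_null(ctx.der);      /* error path: ctx.der becomes NULL */

    /* Caller's unconditional cleanup. */
    demo_free(m == HARDENED_ALIAS ? alias : ctx.der);
    return double_frees;
}

int main(void)
{
    printf("plain=%d hardened=%d alias=%d\n",
           run(PLAIN), run(HARDENED), run(HARDENED_ALIAS));
    return 0;
}
```

Clearing the pointer only protects the expression handed to the macro, so code that keeps copies of a freed pointer still needs its own ownership discipline.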