Control: tags -1 + confirmed

On Fri, 2021-05-14 at 14:08 +0200, Andreas Metzler wrote:
> I would like to fix three minor security issues (non-DSA) in stable.
> * 46_handshake-reject-no_renegotiation-alert-if-handshake.patch
>   pulled from 3.6.15: It was found by oss-fuzz that the server sending a
>   "no_renegotiation" alert in an unexpected timing, followed by an invalid
>   second handshake can cause a TLS 1.3 client to crash via a null-pointer
>   dereference. The crash happens in the application's error handling path,
>   where the gnutls_deinit function is called after detecting a handshake
>   failure.
>   GNUTLS-SA-2020-09-04 CVE-2020-24659 Closes: #969547
> * Pull multiple fixes designated for 3.6.15 bugfix release:
>   + 47_rel3.6.16_01-gnutls_buffer_append_data-remove-duplicated-code.patch
>   + 47_rel3.6.16_02-_gnutls_buffer_resize-add-option-to-use-allocation-s.patch
>   + 47_rel3.6.16_03-key_share-avoid-use-after-free-around-realloc.patch
>     (CVE-2021-20231) and
>     47_rel3.6.16_04-pre_shared_key-avoid-use-after-free-around-realloc.patch
>     (CVE-2021-20232), both together GNUTLS-SA-2021-03-10.
>   + 47_rel3.6.16_05-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch
>   + 47_rel3.6.16_06-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch
>

Please go ahead.

Regards,

Adam