[gnutls-help] gnutls 3.7.11

Mon, 27 May 2024 01:15:34 -0700 

Hello,
We have just released gnutls-3.7.11. This is a bug fix release on the 3.7.x branch. 

We would like to thank everyone who contributed in this release:
Xin Long, Daiki Ueno and Zoltan Fridrich


The detailed list of changes follows:

* Version 3.7.11 (released 2024-04-13)

** libgnutls: Fix side-channel in the deterministic ECDSA.
Reported by George Pantelakis (#1516).
[GNUTLS-SA-2023-12-04, CVSS: medium] [CVE-2024-28834]


** libgnutls: Fixed a bug where certtool crashed when verifying a 
certificate

chain with more than 16 certificates. Reported by William Woodruff (#1525)
and yixiangzhike (#1527).
[GNUTLS-SA-2024-01-23, CVSS: medium] [CVE-2024-28835]

** libgnutls: Fix more timing side-channel inside RSA-PSK key exchange
[GNUTLS-SA-2024-01-14, CVSS: medium] [CVE-2024-0553]


** libgnutls: Fix assertion failure when verifying a certificate chain 
with a

cycle of cross signatures
[GNUTLS-SA-2024-01-09, CVSS: medium] [CVE-2024-0567]

** libgnutls: Fix timing side-channel inside RSA-PSK key exchange.
[GNUTLS-SA-2023-10-23, CVSS: medium] [CVE-2023-5981]

** API and ABI modifications:
No changes since last version.
Getting the Software ================

GnuTLS may be downloaded directly from
https://www.gnupg.org/ftp/gcrypt/ <https://www.gnupg.org/ftp/gcrypt/>
A list of GnuTLS mirrors can be found at
http://www.gnutls.org/download.html <http://www.gnutls.org/download.html>

Here are the XZ compressed sources:

https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.11.tar.xz 
<https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.11.tar.xz>


Here are OpenPGP detached signatures signed using key:
5D46CB0F763405A7053556F47A75A648B3F9220C

https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.11.tar.xz.sig 
<https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.11.tar.xz.sig>


Note that it has been signed with my openpgp key:
pub   ed25519 2021-12-23 [SC] [expires: 2027-01-01]
      5D46CB0F763405A7053556F47A75A648B3F9220C
uid           [ultimate] Zoltan Fridrich <[email protected]>
sub   cv25519 2021-12-23 [E] [expires: 2027-01-01]

Regards,
Zoltan




Attachment:
OpenPGP_0x7A75A648B3F9220C.asc

Description: OpenPGP public key



Attachment:
OpenPGP_signature.asc

Description: OpenPGP digital signature


_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help














    











					Reply via email to