I've gone ahead and uploaded this for impish but I made one modification
to the changelog entry. I dropped the line regarding "* Merge CVE fixes
CVE-2021-20231 CVE-2021-20232" because there isn't anything different
about the Ubuntu version of the package from Debian. We can see that
those CVE fixes were included in Debian.
gnutls28 (3.7.1-1) unstable; urgency=medium
* New upstream version
Fixes potential use-after-free in sending "key_share" and "pre_shared_key"
extensions. GNUTLS-SA-2021-03-10. CVE-2021-20231 CVE-2021-20232
* Upload to unstable.
-- Andreas Metzler <ametz...@debian.org> Wed, 10 Mar 2021 19:02:31
+0100
I'm not sure why a previous uploader added that line to their changelog
but it seems unnecessary.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-20231
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-20232
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1929229
Title:
Please merge gnutls28 3.7.1-4 (main) from Debian unstable
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1929229/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
