Format: 1.8
Date: Tue, 15 Jul 2025 07:02:19 +0200
Source: gnutls28
Binary: gnutls-bin gnutls-bin-dbgsym guile-gnutls guile-gnutls-dbgsym libgnutls-dane0 libgnutls-dane0-dbgsym libgnutls-openssl27 libgnutls-openssl27-dbgsym libgnutls28-dev libgnutls30 libgnutls30-dbgsym libgnutlsxx30 libgnutlsxx30-dbgsym
Architecture: i386
Version: 3.7.9-2+deb12u5
Distribution: bookworm-security
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01)
Changed-By: Andreas Metzler
Description:
 gnutls-bin - GNU TLS library - commandline utilities
 guile-gnutls - GNU TLS library - GNU Guile bindings
 libgnutls-dane0 - GNU TLS library - DANE security support
 libgnutls-openssl27 - GNU TLS library - OpenSSL wrapper
 libgnutls28-dev - GNU TLS library - development files
 libgnutls30 - GNU TLS library - main runtime library
 libgnutlsxx30 - GNU TLS library - C++ runtime library
Changes:
 gnutls28 (3.7.9-2+deb12u5) bookworm-security; urgency=medium
 .
   * Cherry-pick fixes from 3.8.10 release:
     + libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK
       Reported by Stefan Bühler. [GNUTLS-SA-2025-07-07-4, CVSS: medium]
       [CVE-2025-6395]
     + libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps
       Spotted by oss-fuzz and reported by OpenAI Security Research Team,
       and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1,
       CVSS: medium] [CVE-2025-32989]
     + libgnutls: Fix double-free upon error when exporting otherName in SAN
       Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2,
       CVSS: low] [CVE-2025-32988]
     + certtool: Fix 1-byte write buffer overrun when parsing template
       Reported by David Aitel. [GNUTLS-SA-2025-07-07-3, CVSS: low]
       [CVE-2025-32990]
     + Fixes for memory leaks in lib/x509/x509_ext.c and lib/hello_ext.c.
     + Fix uninitialized memory read while processing the "pre_shared_key"
       extension in TLS 1.3.
     + Avoid uninitialized use of crq version.