Format: 1.8
Date: Tue, 15 Jul 2025 07:02:19 +0200
Source: gnutls28
Binary: gnutls-doc
Architecture: all
Version: 3.7.9-2+deb12u5
Distribution: bookworm-security
Urgency: medium
Maintainer: all Build Daemon (x86-csail-02)
Changed-By: Andreas Metzler
Description:
 gnutls-doc - GNU TLS library - documentation and examples
Changes:
 gnutls28 (3.7.9-2+deb12u5) bookworm-security; urgency=medium
 .
   * Cherry-pick fixes from 3.8.10 release:
     + libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK
       Reported by Stefan Bühler. [GNUTLS-SA-2025-07-07-4, CVSS: medium]
       [CVE-2025-6395]
     + libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps
       Spotted by oss-fuzz and reported by OpenAI Security Research Team,
       and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1,
       CVSS: medium] [CVE-2025-32989]
     + libgnutls: Fix double-free upon error when exporting otherName in SAN
       Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2,
       CVSS: low] [CVE-2025-32988]
     + certtool: Fix 1-byte write buffer overrun when parsing template
       Reported by David Aitel. [GNUTLS-SA-2025-07-07-3, CVSS: low]
       [CVE-2025-32990]
     + Fixes for memory leaks in lib/x509/x509_ext.c and lib/hello_ext.c.
     + Fix uninitialized memory read while processing the "pre_shared_key"
       extension in TLS 1.3.
     + Avoid uninitialized use of crq version.
Checksums-Sha1:
 7226c141311e7d587269a76ef56cac68f227b2b9 4843220 gnutls-doc_3.7.9-2+deb12u5_all.deb
 1e116ee85220a0d1608d7044e3cbbce6e75e240a 9804 gnutls28_3.7.9-2+deb12u5_all-buildd.buildinfo
Checksums-Sha256:
 8276cc726642b719460fb9257654ee86bd83275ae38120938ba9759fdc530d19 4843220 gnutls-doc_3.7.9-2+deb12u5_all.deb
 7e51dccad9bad7bc63261b1cafb6a8b3a18be9eb48b17b5c5341d7e1cd54e573 9804 gnutls28_3.7.9-2+deb12u5_all-buildd.buildinfo
Files:
 e771a80ee0772c0684a5f5945481fbe4 4843220 doc optional gnutls-doc_3.7.9-2+deb12u5_all.deb
 3e465a4d9d3f54d10dc951048620cefd 9804 libs optional gnutls28_3.7.9-2+deb12u5_all-buildd.buildinfo