-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 15 Jul 2025 07:02:19 +0200
Source: gnutls28
Architecture: source
Version: 3.7.9-2+deb12u5
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian GnuTLS Maintainers
Changed-By: Andreas Metzler
Changes:
 gnutls28 (3.7.9-2+deb12u5) bookworm-security; urgency=medium
 .
   * Cherry-pick fixes from 3.8.10 release:
     + libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK
       Reported by Stefan Bühler. [GNUTLS-SA-2025-07-07-4, CVSS: medium]
       [CVE-2025-6395]
     + libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps
       Spotted by oss-fuzz and reported by OpenAI Security Research Team, and
       fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1, CVSS: medium]
       [CVE-2025-32989]
     + libgnutls: Fix double-free upon error when exporting otherName in SAN
       Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2,
       CVSS: low] [CVE-2025-32988]
     + certtool: Fix 1-byte write buffer overrun when parsing template
       Reported by David Aitel. [GNUTLS-SA-2025-07-07-3, CVSS: low]
       [CVE-2025-32990]
     + Fixes for memory leaks in lib/x509/x509_ext.c and lib/hello_ext.c.
     + Fix uninitialized memory read while processing the "pre_shared_key"
       extension in TLS 1.3.
     + Avoid uninitialized use of crq version.
Checksums-Sha1:
 546b327436b9be48ec94ca31bc5886ede0421441 3421 gnutls28_3.7.9-2+deb12u5.dsc
 0051fc43fcf89aff2dc490f630abf8add2115ac8 116888 gnutls28_3.7.9-2+deb12u5.debian.tar.xz
Checksums-Sha256:
 47301d7eab05f68530111dd78ac03de9ecbc842d8783de2d4147e4f122ad81d1 3421 gnutls28_3.7.9-2+deb12u5.dsc
 70cf23e06e4bb67463c11ee0c9bb27cc78654e6e005782990ffd8b6846964259 116888 gnutls28_3.7.9-2+deb12u5.debian.tar.xz
Files:
 9c407fc6fb7274677a9fa0b849a0f802 3421 libs optional gnutls28_3.7.9-2+deb12u5.dsc
 d2a754d100196f0fc1dec9358f35e1f1 116888 libs optional gnutls28_3.7.9-2+deb12u5.debian.tar.xz