Ubuntu
gnutls28 package

Change logs for gnutls28 source package in Lunar

Lunar (23.04)
Change log

gnutls28 (3.7.8-5ubuntu1.2) lunar-security; urgency=medium

  * SECURITY UPDATE: timing side-channel attack in the RSA-PSK key exchange
    - debian/patches/CVE-2024-0553.patch: minimize branching after
      decryption in lib/auth/rsa_psk.c.
    - CVE-2024-0553
  * SECURITY UPDATE: DoS via certificate chain with distributed trust
    - debian/patches/CVE-2024-0567.patch: detect loop in certificate chain
      in lib/x509/common.c, tests/test-chains.h.
    - CVE-2024-0567

 -- Marc Deslauriers <email address hidden>  Thu, 18 Jan 2024 11:20:36 -0500

gnutls28 (3.7.8-5ubuntu1.1) lunar-security; urgency=medium

  * SECURITY UPDATE: timing side-channel inside RSA-PSK key exchange
    - debian/patches/CVE-2023-5981.patch: side-step potential side-channel
      in lib/auth/rsa.c, lib/auth/rsa_psk.c, lib/gnutls_int.h,
      lib/priority.c.
    - CVE-2023-5981

 -- Marc Deslauriers <email address hidden>  Fri, 17 Nov 2023 09:18:54 -0500

gnutls28 (3.7.8-5ubuntu1) lunar; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
      TLS1.3 with medium security profile (2048 RSA keys minimum, and
      similar).

gnutls28 (3.7.8-5) unstable; urgency=high

  [ Debian Janitor ]
  * Remove constraints unnecessary since buster (oldstable):
    + Build-Depends: Drop versioned constraint on libp11-kit-dev,
      libtasn1-6-dev, libunbound-dev and libunistring-dev.
    + Build-Depends-Indep: Drop versioned constraint on texinfo.
    + libgnutls28-dev: Drop versioned constraint on libp11-kit-dev in Depends.

  [ Andreas Metzler ]
  * 55_01-auth-rsa-side-step-potential-side-channel.patch
    55_02-rsa-remove-dead-code.patch 55_03-document-the-CVE-fix.patch:
    Effectively update to 3.7.9, fixing GNUTLS-SA-2020-07-14 / CVE-2023-0361

 -- Marc Deslauriers <email address hidden>  Fri, 17 Feb 2023 08:00:36 -0500

gnutls28 (3.7.8-4ubuntu1) lunar; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
    TLS1.3 with medium security profile (2048 RSA keys minimum, and
    similar).
  * Dropped changes:
    - Reduce parallelism in build to 2 to address FTBFS with lto

 -- Adrien Nader <email address hidden>  Thu, 19 Jan 2023 14:47:39 +0100

gnutls28 (3.7.7-2ubuntu2) kinetic; urgency=medium

  * Fix Segmentation Fault due to misdetected Intel AVX support
    (LP: #1988398)

 -- Gregor Jasny <email address hidden>  Thu, 01 Sep 2022 07:42:53 +0100

Ubuntugnutls28 package

Change logs for gnutls28 source package in Lunar

Ubuntu
gnutls28 package