Hello,

We have just released gnutls-3.8.3. This is a bug fix and security
release on the 3.8.x branch.

We would like to thank everyone who contributed to this release:
Clemens Lang, Daiki Ueno, Jakub Jelen, and Mark Harfouche

The detailed list of changes follows: 

* Version 3.8.3 (released 2024-01-16)

** libgnutls: Fix more timing side-channel inside RSA-PSK key exchange
   [GNUTLS-SA-2024-01-14, CVSS: medium] [CVE-2024-0553]

** libgnutls: Fix assertion failure when verifying a certificate chain with a
   cycle of cross signatures
   [GNUTLS-SA-2024-01-09, CVSS: medium] [CVE-2024-0567]

** libgnutls: Fix regression in handling Ed25519 keys stored in PKCS#11 token
   certtool was unable to handle Ed25519 keys generated on PKCS#11
   with pkcs11-tool (OpenSC). This is a regression introduced in 3.8.2.

** API and ABI modifications:
No changes since last version.

Getting the Software
====================
GnuTLS may be downloaded directly from 
https://www.gnupg.org/ftp/gcrypt/ 
A list of GnuTLS mirrors can be found at
http://www.gnutls.org/download.html 

Here are the XZ compressed sources:
https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.3.tar.xz 

Here are OpenPGP detached signatures signed using key:
462225C3B46F34879FC8496CD605848ED7E69871
https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.3.tar.xz.sig 

Note that it has been signed with my OpenPGP key:
pub   rsa4096 2009-07-23 [SC] [expires: 2026-06-29]
      462225C3B46F34879FC8496CD605848ED7E69871
uid           [ultimate] Daiki Ueno <u...@unixuser.org>
uid           [ultimate] Daiki Ueno <u...@gnu.org>
sub   rsa4096 2010-02-04 [E]

Regards,
-- 
Daiki Ueno


_______________________________________________
Gnutls-help mailing list
Gnutls-help@lists.gnutls.org
http://lists.gnupg.org/mailman/listinfo/gnutls-help
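An added example, not part of the announcement or of GnuTLS: one way to check the detached signature against the fingerprint quoted above, rather than trusting a bare "Good signature" line from whatever key is in the keyring. The function names and the sample status lines are constructed for illustration; the fingerprint is the one given in the message.

```shell
#!/bin/sh
# Pin the release signer's primary-key fingerprint when verifying the tarball.
EXPECTED_FPR=462225C3B46F34879FC8496CD605848ED7E69871  # from the announcement

# Reads `gpg --status-fd` output on stdin. Succeeds only if a VALIDSIG line
# names the wanted primary-key fingerprint (12th field, falling back to the
# signing-key fingerprint) and no bad/expired/revoked status is present.
fpr_pinned() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" {
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == toupper(want)) ok = 1
        }
        END { exit !(ok && !bad) }'
}

# Hypothetical wrapper: verify_release <file.sig> <file>
# Status lines go to stdout (fd 1); gpg's human-readable text goes to stderr.
verify_release() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        fpr_pinned "$EXPECTED_FPR"
}

# Constructed sample status output (timestamps and user ID text are made up).
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG D605848ED7E69871 Daiki Ueno
[GNUPG:] VALIDSIG 462225C3B46F34879FC8496CD605848ED7E69871 2024-01-16 1705400000 0 4 0 1 10 00 462225C3B46F34879FC8496CD605848ED7E69871'

# A cryptographically valid signature, but made by some other key.
SAMPLE_OTHER_KEY='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Someone Else
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 2024-01-16 1705400000 0 4 0 1 10 00 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'

# Right key, but gpg reports the key as expired.
SAMPLE_EXPIRED_KEY='[GNUPG:] NEWSIG
[GNUPG:] EXPKEYSIG D605848ED7E69871 Daiki Ueno
[GNUPG:] VALIDSIG 462225C3B46F34879FC8496CD605848ED7E69871 2024-01-16 1705400000 0 4 0 1 10 00 462225C3B46F34879FC8496CD605848ED7E69871'
```

After importing the signer's public key, run `verify_release gnutls-3.8.3.tar.xz.sig gnutls-3.8.3.tar.xz`; a zero exit status means the signature is valid and was made under the pinned fingerprint.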
