Your message dated Wed, 29 Nov 2023 08:49:47 +0000
with message-id <[email protected]>
and subject line Bug#1056188: fixed in gnutls28 3.8.2-1
has caused the Debian Bug report #1056188,
regarding gnutls28: CVE-2023-5981: timing side-channel inside RSA-PSK key exchange
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1056188: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056188
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gnutls28
Version: 3.8.1-4
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/gnutls/gnutls/-/issues/1511
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
[Andreas, just filing for having a BTS reference, realize you know
already]
The following vulnerability was published for gnutls28.
CVE-2023-5981[0]:
| timing side-channel inside RSA-PSK key exchange
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-5981
https://www.cve.org/CVERecord?id=CVE-2023-5981
[1] https://gitlab.com/gnutls/gnutls/-/issues/1511
[2] https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23
[3] https://gitlab.com/gnutls/gnutls/-/commit/29d6298d0b04cfff970b993915db71ba3f580b6d
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gnutls28
Source-Version: 3.8.2-1
Done: Andreas Metzler <[email protected]>
We believe that the bug you reported is fixed in the latest version of
gnutls28, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated gnutls28 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 29 Nov 2023 08:55:21 +0100
Source: gnutls28
Architecture: source
Version: 3.8.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Closes: 1056188
Changes:
gnutls28 (3.8.2-1) unstable; urgency=medium
.
* New upstream version.
+ Drop cherrypicked patches.
+ Update symbol file.
+ Update copyright file.
+ Includes fix for CVE-2023-5981 / GNUTLS-SA-2023-10-23. Closes: #1056188
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---