Your message dated Wed, 17 Jan 2024 18:20:39 +0000
with message-id <[email protected]>
and subject line Bug#1061045: fixed in gnutls28 3.8.3-1
has caused the Debian Bug report #1061045,
regarding gnutls28: CVE-2024-0567
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1061045: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gnutls28
Version: 3.8.2-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/gnutls/gnutls/-/issues/1521
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for gnutls28.

CVE-2024-0567[0]:
| A vulnerability was found in GnuTLS, where a cockpit (which uses
| gnuTLS) rejects a certificate chain with distributed trust. This
| issue occurs when validating a certificate chain with
| cockpit-certificate-ensure. This flaw allows an unauthenticated, remote
| client or attacker to initiate a denial of service attack.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-0567
    https://www.cve.org/CVERecord?id=CVE-2024-0567
[1] https://gitlab.com/gnutls/gnutls/-/issues/1521
[2] https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: gnutls28
Source-Version: 3.8.3-1
Done: Andreas Metzler <[email protected]>

We believe that the bug you reported is fixed in the latest version of
gnutls28, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated gnutls28 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 17 Jan 2024 18:26:52 +0100
Source: gnutls28
Architecture: source
Version: 3.8.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Closes: 1061045 1061046
Changes:
 gnutls28 (3.8.3-1) unstable; urgency=medium
 .
   * New upstream version.
     Fix assertion failure when verifying a certificate chain with a cycle of
     cross signatures. CVE-2024-0567 GNUTLS-SA-2024-01-09 Closes: #1061045
     Fix more timing side-channel inside RSA-PSK key exchange. CVE-2024-0553
     GNUTLS-SA-2024-01-14 Closes: #1061046

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
