Your message dated Wed, 31 Jan 2024 10:03:27 +0000
with message-id <[email protected]>
and subject line Bug#1061045: fixed in gnutls28 3.7.9-2+deb12u2
has caused the Debian Bug report #1061045,
regarding gnutls28: CVE-2024-0567
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1061045: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gnutls28
Version: 3.8.2-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/gnutls/gnutls/-/issues/1521
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for gnutls28.

CVE-2024-0567[0]:
| A vulnerability was found in GnuTLS, where a cockpit (which uses
| gnuTLS) rejects a certificate chain with distributed trust. This
| issue occurs when validating a certificate chain with
| cockpit-certificate-ensure. This flaw allows an unauthenticated,
| remote client or attacker to initiate a denial of service attack.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-0567
    https://www.cve.org/CVERecord?id=CVE-2024-0567
[1] https://gitlab.com/gnutls/gnutls/-/issues/1521
[2] https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: gnutls28
Source-Version: 3.7.9-2+deb12u2
Done: Andreas Metzler <[email protected]>

We believe that the bug you reported is fixed in the latest version of
gnutls28, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated gnutls28 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 19 Jan 2024 18:28:37 +0100
Source: gnutls28
Architecture: source
Version: 3.7.9-2+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Closes: 1061045 1061046
Changes:
 gnutls28 (3.7.9-2+deb12u2) bookworm; urgency=medium
 .
   * Cherrypick two CVE fixes from 3.8.3:
     Fix assertion failure when verifying a certificate chain with a cycle of
     cross signatures. CVE-2024-0567 GNUTLS-SA-2024-01-09 Closes: #1061045
     Fix more timing side-channel inside RSA-PSK key exchange. CVE-2024-0553
     GNUTLS-SA-2024-01-14 Closes: #1061046


--- End Message ---
