Your message dated Sat, 22 Nov 2025 15:01:36 +0000
with message-id <[email protected]>
and subject line Bug#1121146: fixed in gnutls28 3.8.11-1
has caused the Debian Bug report #1121146,
regarding gnutls28: CVE-2025-9820
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1121146: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121146
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gnutls28
Version: 3.8.10-3
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/gnutls/gnutls/-/issues/1732
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,

The following vulnerability was published for gnutls28.

CVE-2025-9820[0]:
| GNUTLS-SA-2025-11-18: When a PKCS#11 token is initialized with
| gnutls_pkcs11_token_init function and it is passed a token label
| longer than 32 characters, it may write past the boundary of stack
| allocated memory.

As we compile with -D_FORTIFY_SOURCE=2 it should be effectively
mitigated already but still might be worth bringing the fix in. But
no urgency IMHO, your take?

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-9820
    https://www.cve.org/CVERecord?id=CVE-2025-9820
[1] https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18
[2] https://gitlab.com/gnutls/gnutls/-/issues/1732

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gnutls28
Source-Version: 3.8.11-1
Done: Andreas Metzler <[email protected]>
We believe that the bug you reported is fixed in the latest version of
gnutls28, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated gnutls28 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 22 Nov 2025 14:41:00 +0100
Source: gnutls28
Architecture: source
Version: 3.8.11-1
Distribution: experimental
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Closes: 1121146
Changes:
 gnutls28 (3.8.11-1) experimental; urgency=medium
 .
   * New upstream version.
     + Includes patch for CVE-2025-9820 / GNUTLS-SA-2025-11-18, which is
       mitigated by Debian building with -D_FORTIFY_SOURCE=2.
       Closes: #1121146
     + Drop superfluous patch, unfuzz.
     + Update symbol file.
     + Update copyright info.
     + Bump nettle-dev dependency to 3.10.
   * Drop Rules-Requires-Root: no
   * Cherry-pick post-release fix.
--- End Message ---