Your message dated Sat, 20 Dec 2025 13:32:08 +0000
with message-id <[email protected]>
and subject line Bug#1121146: fixed in gnutls28 3.8.9-3+deb13u1
has caused the Debian Bug report #1121146,
regarding gnutls28: CVE-2025-9820
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1121146: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121146
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gnutls28
Version: 3.8.10-3
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/gnutls/gnutls/-/issues/1732
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for gnutls28.

CVE-2025-9820[0]:
| GNUTLS-SA-2025-11-18: When a PKCS#11 token is initialized with
| gnutls_pkcs11_token_init function and it is passed a token label
| longer than 32 characters, it may write past the boundary of stack
| allocated memory. 

As we compile with -D_FORTIFY_SOURCE=2 it should be effectively
mitigated already but still might be worth bringing the fix in. But
no urgency IMHO, your take?

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-9820
    https://www.cve.org/CVERecord?id=CVE-2025-9820
[1] https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18
[2] https://gitlab.com/gnutls/gnutls/-/issues/1732

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
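
An added illustration of the bug class in the advisory text quoted above (not part of the bug report and not GnuTLS code): PKCS#11 stores a token label as a fixed 32-byte, blank-padded field with no NUL terminator, so a caller-supplied string has to be length-checked before it is copied in. The names pad_token_label and check_label and the sample labels are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* PKCS#11 token label: fixed 32 bytes, blank-padded, not NUL-terminated. */
#define TOKEN_LABEL_LEN 32

/* Hypothetical helper: build the fixed-width field from a C string.
 * Returns 0 on success, -1 if the label does not fit. The length is
 * checked before memcpy, so strlen(label) never drives the copy past
 * the 32-byte destination. */
int pad_token_label(const char *label, unsigned char out[TOKEN_LABEL_LEN])
{
    if (out == NULL)
        return -1;
    memset(out, ' ', TOKEN_LABEL_LEN);
    if (label != NULL) {
        size_t len = strlen(label);
        if (len > TOKEN_LABEL_LEN)
            return -1;              /* reject instead of overflowing */
        memcpy(out, label, len);
    }
    return 0;
}

/* Constructed check: the field sits next to a canary in one struct.
 * Returns 0 (accepted), -1 (rejected), -2 (canary or padding damaged). */
int check_label(const char *label)
{
    struct { unsigned char field[TOKEN_LABEL_LEN]; unsigned char canary[8]; } s;
    memset(s.canary, 0xA5, sizeof(s.canary));
    int rc = pad_token_label(label, s.field);
    for (size_t i = 0; i < sizeof(s.canary); i++)
        if (s.canary[i] != 0xA5)
            return -2;
    if (rc == 0)
        for (size_t i = label ? strlen(label) : 0; i < TOKEN_LABEL_LEN; i++)
            if (s.field[i] != ' ')
                return -2;
    return rc;
}

int main(void)
{
    /* Constructed sample labels: short, exactly 32 bytes, 33 bytes. */
    printf("%d\n", check_label("backup-hsm"));
    printf("%d\n", check_label("0123456789abcdef0123456789abcdef"));
    printf("%d\n", check_label("0123456789abcdef0123456789abcdefX"));
    return 0;
}
```
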
--- Begin Message ---
Source: gnutls28
Source-Version: 3.8.9-3+deb13u1
Done: Andreas Metzler <[email protected]>

We believe that the bug you reported is fixed in the latest version of
gnutls28, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated gnutls28 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 23 Nov 2025 14:13:38 +0100
Source: gnutls28
Architecture: source
Version: 3.8.9-3+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Closes: 1121146
Changes:
 gnutls28 (3.8.9-3+deb13u1) trixie; urgency=medium
 .
   * Add patch for CVE-2025-9820 / GNUTLS-SA-2025-11-18 from 3.8.11.
     Closes: #1121146
Checksums-Sha1: 
 b6aeff24a442d21641b21ee950640b743f447860 3268 gnutls28_3.8.9-3+deb13u1.dsc
 539c114771c086061b0e92cef6a3323683562964 90880 gnutls28_3.8.9-3+deb13u1.debian.tar.xz
Checksums-Sha256:
 42c8187a42f028030e325d2f04142252c8f817bd4c6431bc8278c4ed947e104d 3268 gnutls28_3.8.9-3+deb13u1.dsc
 abfcc258231c613bf20fe0026587c3989d6c3a68579f177554907464be59c6b1 90880 gnutls28_3.8.9-3+deb13u1.debian.tar.xz
Files:
 c3a7b3ebd88423c31ccbe5185a86f5a1 3268 libs optional gnutls28_3.8.9-3+deb13u1.dsc
 1e1d6e23bc5be94988e81b01b24c0775 90880 libs optional gnutls28_3.8.9-3+deb13u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
