Control: tags -1 + confirmed On Thu, 2020-06-25 at 17:37 +0200, Andreas Metzler wrote: > I would like to make a last bugfix upload to stretch: > * Pull fixes for CVE-2019-3836 / [GNUTLS-SA-2019-03-27, #694]. > + 40_casts_related_to_fix_CVE-2019-3829.patch > + 40_rel3.6.7_01-Automatically-NULLify-after-gnutls_free.patch > + 40_rel3.6.7_01-fuzz-added-fuzzer-for-certificate- > verification.patch > + 41_use_datefudge_to_trigger_CVE-2019-3829_testcase.diff > * More important fixes: > + 43_rel3.6.14_10-session_pack-fix-leak-in-error-path.patch > [One-line-fix for memleak] > > + 44_rel3.6.14_10-Update-session_ticket.c-to-add-support-for-zero- > leng.patch > Handle zero length session tickets, fixing connection errors on > TLS1.2 > sessions to some big hosting providers. (See LP 1876286) > [Fixes connections to e.g. verizon popserver.]
Please go ahead. Regards, Adam