Source: gnutls28
Version: 3.8.10-3
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/gnutls/gnutls/-/issues/1732
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for gnutls28.

CVE-2025-9820[0]:
| GNUTLS-SA-2025-11-18: When a PKCS#11 token is initialized with
| gnutls_pkcs11_token_init function and it is passed a token label
| longer than 32 characters, it may write past the boundary of stack
| allocated memory.

As we compile with -D_FORTIFY_SOURCE=2 it should be effectively
mitigated already, but it still might be worth bringing the fix in.
But no urgency IMHO, your take?

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-9820
    https://www.cve.org/CVERecord?id=CVE-2025-9820
[1] https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18
[2] https://gitlab.com/gnutls/gnutls/-/issues/1732

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
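The bug class named in the advisory above, a label copied into a fixed 32-byte stack field without a length check, illustrated with a defensive version. This is an added example and is neither GnuTLS code nor the upstream fix; the helper names pkcs11_label_fill and pkcs11_label_blank_tail and the sample labels are constructed for this illustration. The one fact it relies on is that PKCS#11 defines the token label in CK_TOKEN_INFO as a 32-byte, blank-padded, non-NUL-terminated field.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative example only: not GnuTLS code and not the upstream fix.
 * PKCS#11 defines the token label in CK_TOKEN_INFO as a fixed 32-byte
 * field, blank-padded and not NUL-terminated. The bug class in the report
 * is a caller copying a label of arbitrary length into such a fixed-size
 * stack buffer without bounding the copy. */
#define PKCS11_LABEL_LEN 32

/* Bounded length: scan at most `max` bytes, so an unterminated input
 * never makes the check itself read out of bounds. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Fill the 32-byte label field `out` from `label`, padding with blanks.
 * Returns 0 on success, -1 if label is NULL or longer than 32 bytes.
 * An overlong label is rejected rather than truncated, so a token is
 * never silently initialised under a different name than requested. */
int pkcs11_label_fill(unsigned char out[PKCS11_LABEL_LEN], const char *label)
{
    if (label == NULL)
        return -1;
    /* Scanning 33 bytes is enough to tell "fits" from "too long". */
    size_t len = bounded_len(label, PKCS11_LABEL_LEN + 1);
    if (len > PKCS11_LABEL_LEN)
        return -1;
    memset(out, ' ', PKCS11_LABEL_LEN);
    memcpy(out, label, len);
    return 0;
}

/* Number of padding blanks the field gets for `label`, or -1 if the
 * label is rejected. Useful for self-checks without exposing the buffer. */
int pkcs11_label_blank_tail(const char *label)
{
    unsigned char field[PKCS11_LABEL_LEN];
    if (pkcs11_label_fill(field, label) != 0)
        return -1;
    int blanks = 0;
    for (int i = PKCS11_LABEL_LEN - 1; i >= 0 && field[i] == ' '; i--)
        blanks++;
    return blanks;
}

int main(void)
{
    /* Constructed sample labels of 17, 32 and 33 bytes. */
    const char *samples[] = {
        "debian-test-token",
        "exactly-thirty-two-bytes-long-ab",
        "this-label-is-thirty-three-bytes!",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned char field[PKCS11_LABEL_LEN];
        if (pkcs11_label_fill(field, samples[i]) == 0)
            printf("accepted: [%.*s]\n", PKCS11_LABEL_LEN, (const char *)field);
        else
            printf("rejected (longer than %d bytes): %s\n",
                   PKCS11_LABEL_LEN, samples[i]);
    }
    return 0;
}
```

The point for a reviewer of such code is that the check happens before any write and that the scan of the input is itself bounded; -D_FORTIFY_SOURCE=2 (mentioned in the report) would turn an unbounded memcpy/strcpy into the field into an abort rather than a silent overwrite, but only an explicit length check turns it into a clean error the caller can handle.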

