Package: release.debian.org Severity: normal Tags: stretch User: release.debian....@packages.debian.org Usertags: pu
Hello, I would like to make a last bugfix upload to stretch: * Pull fixes for CVE-2019-3836 / [GNUTLS-SA-2019-03-27, #694]. + 40_casts_related_to_fix_CVE-2019-3829.patch + 40_rel3.6.7_01-Automatically-NULLify-after-gnutls_free.patch + 40_rel3.6.7_01-fuzz-added-fuzzer-for-certificate-verification.patch + 41_use_datefudge_to_trigger_CVE-2019-3829_testcase.diff * More important fixes: + 43_rel3.6.14_10-session_pack-fix-leak-in-error-path.patch [One-line-fix for memleak] + 44_rel3.6.14_10-Update-session_ticket.c-to-add-support-for-zero-leng.patch Handle zero length session tickets, fixing connection errors on TLS1.2 sessions to some big hosting providers. (See LP 1876286) [Fixes connections to e.g. verizon popserver.] TIA, cu Andreas