Guilhem Moulin pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
817df6d7 by Guilhem Moulin at 2026-05-21T15:32:31+02:00
Triage CVE-2026-5419/gnutls28 for bullseye
Block cipher functions `gnutls_cipher_encrypt3()` and `gnutls_cipher_decrypt3()`
were introduced in 3.7.7 via MR!1611 to transparently handle padding, see
https://gitlab.com/gnutls/gnutls/-/merge_requests/1611 and
https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13946,9 +13946,11 @@ CVE-2018-25298 (Merge PACS 7.0 contains a cross-site
request forgery vulnerabili
CVE-2026-5419
{DSA-6281-1}
- gnutls28 3.8.13-1 (bug #1135319)
+ [bullseye] - gnutls28 <not-affected> (Vulnerable code introduced later)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-13
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1815
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/1e627aa5ad95c6dc0518d94e9a009997b081a1ab
(3.8.13)
+ NOTE: Introduced with:
https://gitlab.com/gnutls/gnutls/-/commit/4b45ad6923a7b1d296a111153663f23c13173b94
(3.7.7)
CVE-2026-3832 (A flaw was found in gnutls. A remote attacker could exploit
this vulne ...)
- gnutls28 3.8.13-1 (bug #1135319)
[trixie] - gnutls28 3.8.9-3+deb13u4
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/817df6d7ff85ac2180aa386e6da0ee31568c35b7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/817df6d7ff85ac2180aa386e6da0ee31568c35b7
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
