CVSROOT:        /cvs
Module name:    ports
Changes by:     [email protected]       2021/05/25 02:16:08

Modified files:
        security/gnutls: Tag: OPENBSD_6_9 Makefile distinfo 
        security/gnutls/pkg: Tag: OPENBSD_6_9 PLIST 

Log message:
SECURITY update to gnutls-3.6.16.

CVE-2021-20305
** libgnutls: Fixed potential miscalculation of ECDSA/EdDSA code backported from
Nettle.  In GnuTLS, as long as it is built and linked against the fixed
version of Nettle, this only affects GOST curves.

GNUTLS-SA-2021-03-10
** libgnutls: Fixed potential use-after-free in sending "key_share"
and "pre_shared_key" extensions. When sending those extensions, the
client may dereference a pointer no longer valid after
realloc. This happens only when the client sends a large Client
Hello message, e.g., when HRR is sent in a resumed session
previously negotiated large FFDHE parameters, because the initial
allocation of the buffer is large enough without having to call
realloc.
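
The stale-pointer-after-realloc hazard described under GNUTLS-SA-2021-03-10, as an added illustration that is not GnuTLS code and not part of this commit: a length-prefixed field is backpatched through a saved offset instead of a saved pointer, so growth of the buffer cannot leave it dangling. The names struct buf, buf_append, put_length_prefixed and demo_prefix are hypothetical, and the 300-byte body is constructed sample input.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer; not GnuTLS's own type. */
struct buf { uint8_t *data; size_t len, cap; };

/* Append n bytes, growing with realloc when needed. Returns 0 on success. */
static int buf_append(struct buf *b, const void *src, size_t n)
{
    if (n > b->cap - b->len) {
        size_t ncap = b->cap ? b->cap : 16;
        while (ncap - b->len < n) ncap *= 2;
        uint8_t *p = realloc(b->data, ncap);
        if (p == NULL) return -1;
        b->data = p;   /* any pointer taken from the old block is now invalid */
        b->cap = ncap;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

/* Unsafe form (shown only as a comment, never executed):
 *     uint8_t *lenp = b->data + b->len;   pointer into the buffer
 *     buf_append(b, zero, 2);
 *     buf_append(b, body, n);             may realloc, lenp now dangles
 *     lenp[0] = n >> 8; lenp[1] = n;      write through freed memory
 * Safe form below: keep the offset, recompute the address after appending. */
static int put_length_prefixed(struct buf *b, const void *body, size_t n)
{
    static const uint8_t zero[2] = {0, 0};
    size_t len_off = b->len;               /* an offset survives realloc */
    if (n > 0xffff) return -1;
    if (buf_append(b, zero, 2) != 0) return -1;
    if (buf_append(b, body, n) != 0) return -1;
    b->data[len_off]     = (uint8_t)(n >> 8);
    b->data[len_off + 1] = (uint8_t)(n & 0xff);
    return 0;
}

/* Constructed check: a 300-byte body forces growth past the 16-byte start. */
static int demo_prefix(void)
{
    uint8_t body[300];
    struct buf b = {0};
    memset(body, 0xAB, sizeof body);
    if (put_length_prefixed(&b, body, sizeof body) != 0) return -1;
    int v = (b.data[0] << 8) | b.data[1];  /* decoded length prefix */
    free(b.data);
    return v;
}
```

Small writes that fit the initial allocation never move the block, which is why this kind of bug only shows up on large messages; building the unsafe form under AddressSanitizer with an oversized body is a practical way to catch it in testing.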
