From 66ad23979df90d80abc611771458b3473b312f2f Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sat, 4 Apr 2020 16:55:04 +0200 Subject: [DSA 4652-1] gnutls28 security update --- english/security/2020/dsa-4652.data | 13 +++++++++++++ english/security/2020/dsa-4652.wml | 20 ++++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 english/security/2020/dsa-4652.data create mode 100644 english/security/2020/dsa-4652.wml diff --git a/english/security/2020/dsa-4652.data b/english/security/2020/dsa-4652.data new file mode 100644 index 00000000000..ee5f7fc8cde --- /dev/null +++ b/english/security/2020/dsa-4652.data @@ -0,0 +1,13 @@ +DSA-4652-1 gnutls28 +2020-4-04 +CVE-2020-11501 Bug#955556 +gnutls28 +yes +yes +no + +#use wml::debian::security + + + + diff --git a/english/security/2020/dsa-4652.wml b/english/security/2020/dsa-4652.wml new file mode 100644 index 00000000000..50530e4ef8d --- /dev/null +++ b/english/security/2020/dsa-4652.wml @@ -0,0 +1,20 @@ +security update + +

A flaw was reported in the DTLS protocol implementation in GnuTLS, a +library implementing the TLS and SSL protocols. The DTLS client would +not contribute any randomness to the DTLS negotiation, breaking the +security guarantees of the DTLS protocol.

+ +

For the stable distribution (buster), this problem has been fixed in +version 3.6.7-4+deb10u3.

+ +

We recommend that you upgrade your gnutls28 packages.

+ +

For the detailed security status of gnutls28 please refer to its +security tracker page at: +https://security-tracker.debian.org/tracker/gnutls28

+ + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2020/dsa-4652.data" +# $Id: $ -- cgit v1.2.3