"When a single trust list object is shared among multiple threads, calls to gnutls_x509_trust_list_verify_crt2() was able to corrupt temporary memory where internal copy of an issuer certificate is stored. The code path is only taken when a PKCS#11 based trust store is enabled and the issuer certificate is already stored as trusted. The issue was reported in the issue tracker as #1277. Recommendation: To address the issue found upgrade to GnuTLS 3.7.3 or later versions." See https://gitlab.com/gnutls/gnutls/-/issues/1277.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cd7f6673d01d4af7f1bcc9b3ca707b98d679cd5c commit cd7f6673d01d4af7f1bcc9b3ca707b98d679cd5c Author: Sam James <sam@gentoo.org> AuthorDate: 2022-01-20 11:39:16 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-01-20 12:02:04 +0000 net-libs/gnutls: add 3.7.3 Bug: https://bugs.gentoo.org/831573 Signed-off-by: Sam James <sam@gentoo.org> net-libs/gnutls/Manifest | 1 + net-libs/gnutls/gnutls-3.7.3.ebuild | 127 ++++++++++++++++++++++++++++++++++++ 2 files changed, 128 insertions(+)
Please cleanup
commit 7b287cd440224ce96f7353353269c3ccada4ad55 Author: David Seifert <soap@gentoo.org> Date: Tue Jun 21 11:40:24 2022 +0200 net-libs/gnutls: drop 3.7.2, 3.7.3-r1, 3.7.5
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ebf59f39cd74d9f923e58850ec66b51ab32bfb7 commit 6ebf59f39cd74d9f923e58850ec66b51ab32bfb7 Author: Sam James <sam@gentoo.org> AuthorDate: 2024-03-22 05:04:07 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-03-22 05:04:30 +0000 net-libs/gnutls: drop 3.7.6, 3.7.7 Bug: https://bugs.gentoo.org/831573 Signed-off-by: Sam James <sam@gentoo.org> net-libs/gnutls/Manifest | 4 -- net-libs/gnutls/gnutls-3.7.6.ebuild | 139 ----------------------------------- net-libs/gnutls/gnutls-3.7.7.ebuild | 140 ------------------------------------ 3 files changed, 283 deletions(-)
