From 3.7.7 release notes: ** libgnutls: Fixed double free during verification of pkcs7 signatures. Reported by Jaak Ristioja (#1383). [GNUTLS-SA-2022-07-07, CVSS: medium][CVE-2022-2509] https://gitlab.com/gnutls/gnutls/-/issues/1383 isn't made public yet.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a51aa34ac6e479cdbc4df45461dd5f70bb24d8ff commit a51aa34ac6e479cdbc4df45461dd5f70bb24d8ff Author: Sam James <sam@gentoo.org> AuthorDate: 2022-07-29 05:14:21 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-07-29 05:14:31 +0000 net-libs/gnutls: add 3.7.7 Bug: https://bugs.gentoo.org/861803 Signed-off-by: Sam James <sam@gentoo.org> net-libs/gnutls/Manifest | 2 + net-libs/gnutls/gnutls-3.7.7.ebuild | 144 ++++++++++++++++++++++++++++++++++++ 2 files changed, 146 insertions(+)
Ping. Please remove vulnerable version gnutls-3.7.6.
commit 6ebf59f39cd74d9f923e58850ec66b51ab32bfb7 Author: Sam James <sam@gentoo.org> Date: Fri Mar 22 05:04:07 2024 +0000 net-libs/gnutls: drop 3.7.6, 3.7.7