+** libgnutls: Fix more timing side-channel inside RSA-PSK key exchange + [GNUTLS-SA-2024-01-14, CVSS: medium] [CVE-2024-0553] + +** libgnutls: Fix assertion failure when verifying a certificate chain with a + cycle of cross signatures + [GNUTLS-SA-2024-01-09, CVSS: medium] [CVE-2024-0567] +
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=53624e86f0aadc4368d66e013ed9ae4183877e40 commit 53624e86f0aadc4368d66e013ed9ae4183877e40 Author: Sam James <sam@gentoo.org> AuthorDate: 2024-01-17 04:09:40 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-01-17 04:09:40 +0000 net-libs/gnutls: add 3.8.3 Bug: https://bugs.gentoo.org/922262 Signed-off-by: Sam James <sam@gentoo.org> net-libs/gnutls/Manifest | 2 + net-libs/gnutls/gnutls-3.8.3.ebuild | 149 ++++++++++++++++++++++++++++++++++++ 2 files changed, 151 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d807aa8600bb14d1777fcc4a8f0522f4674f46c8 commit d807aa8600bb14d1777fcc4a8f0522f4674f46c8 Author: Sam James <sam@gentoo.org> AuthorDate: 2024-03-22 05:04:18 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-03-22 05:04:35 +0000 net-libs/gnutls: drop 3.8.1-r1, 3.8.2 Bug: https://bugs.gentoo.org/922262 Signed-off-by: Sam James <sam@gentoo.org> net-libs/gnutls/Manifest | 4 - net-libs/gnutls/gnutls-3.8.1-r1.ebuild | 146 --------------------------------- net-libs/gnutls/gnutls-3.8.2.ebuild | 142 -------------------------------- 3 files changed, 292 deletions(-)
