Bug 861803 (CVE-2022-2509) - <net-libs/gnutls-3.7.7: Double free in PKCS7 signature verification
Summary: <net-libs/gnutls-3.7.7: Double free in PKCS7 signature verification
Alias: CVE-2022-2509
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: A3 [glsa?]
Depends on: 866235
Reported: 2022-07-29 05:11 UTC by Sam James
Modified: 2024-04-05 09:20 UTC
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-07-29 05:11:53 UTC
From 3.7.7 release notes:
** libgnutls: Fixed double free during verification of pkcs7 signatures.
Reported by Jaak Ristioja (#1383). [GNUTLS-SA-2022-07-07, CVSS: medium][CVE-2022-2509] isn't made public yet.
Comment 1 Larry the Git Cow gentoo-dev 2022-07-29 05:14:38 UTC
The bug has been referenced in the following commit(s):

commit a51aa34ac6e479cdbc4df45461dd5f70bb24d8ff
Author:     Sam James <>
AuthorDate: 2022-07-29 05:14:21 +0000
Commit:     Sam James <>
CommitDate: 2022-07-29 05:14:31 +0000

    net-libs/gnutls: add 3.7.7
    Signed-off-by: Sam James <>

 net-libs/gnutls/Manifest            |   2 +
 net-libs/gnutls/gnutls-3.7.7.ebuild | 144 ++++++++++++++++++++++++++++++++++++
 2 files changed, 146 insertions(+)
Comment 2 Hans de Graaff gentoo-dev Security 2023-10-08 08:11:12 UTC
Ping. Please remove vulnerable version gnutls-3.7.6.
Comment 3 Hans de Graaff gentoo-dev Security 2024-04-05 09:20:31 UTC
commit 6ebf59f39cd74d9f923e58850ec66b51ab32bfb7
Author: Sam James <>
Date:   Fri Mar 22 05:04:07 2024 +0000

    net-libs/gnutls: drop 3.7.6, 3.7.7