According to the announce on oss-security: > Stefan Bühler discovered an issue that affects validation of > certificates using OCSP responses, which can falsely report a > certificate as valid under certain circumstances. That issue affects > gnutls 3.3.24, 3.4.14, 3.5.3 and previous versions. Upstream fix is at [1]. This is as well tracked in Red Hat's bugzilla at [2]. [1] https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9 [2] https://bugzilla.redhat.com/show_bug.cgi?id=1374266 Reproducible: Always
gnutls-3.3.24-r1 was added, thanks!
Hi, Please stabilize. Thanks!
Stable for HPPA PPC64.
amd64 stable
x86 stable
Stable on alpha.
sparc stable
ppc stable
arm stable
ia64 stable. Maintainer(s), please cleanup. Security, please vote.
Cleanup done.
GLSA Vote: No