"When a single trust list object is shared among multiple threads, calls to gnutls_x509_trust_list_verify_crt2() was able to corrupt temporary memory where internal copy of an issuer certificate is stored. The code path is only taken when a PKCS#11 based trust store is enabled and the issuer certificate is already stored as trusted. The issue was reported in the issue tracker as #1277.
Recommendation: To address the issue found upgrade to GnuTLS 3.7.3 or later versions."
The bug has been referenced in the following commit(s):
Author: Sam James <email@example.com>
AuthorDate: 2022-01-20 11:39:16 +0000
Commit: Sam James <firstname.lastname@example.org>
CommitDate: 2022-01-20 12:02:04 +0000
net-libs/gnutls: add 3.7.3
Signed-off-by: Sam James <email@example.com>
net-libs/gnutls/Manifest | 1 +
net-libs/gnutls/gnutls-3.7.3.ebuild | 127 ++++++++++++++++++++++++++++++++++++
2 files changed, 128 insertions(+)