Format: 1.8 Date: Thu, 18 Apr 2024 09:54:34 -0400 Source: gnutls28 Built-For-Profiles: noudeb Architecture: source Version: 3.8.3-1.1ubuntu3.1 Distribution: noble-security Urgency: medium Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Changes: gnutls28 (3.8.3-1.1ubuntu3.1) noble-security; urgency=medium . * SECURITY UPDATE: side-channel leak via Minerva attack - debian/patches/CVE-2024-28834.patch: avoid normalization of mpz_t in deterministic ECDSA in lib/nettle/int/dsa-compute-k.c, lib/nettle/int/dsa-compute-k.h, lib/nettle/int/ecdsa-compute-k.c, lib/nettle/int/ecdsa-compute-k.h, lib/nettle/pk.c, tests/sign-verify-deterministic.c. - CVE-2024-28834 * SECURITY UPDATE: crash via specially-crafted cert bundle - debian/patches/CVE-2024-28835.patch: remove length limit of input in lib/gnutls_int.h, lib/x509/common.c, lib/x509/verify-high.c, tests/test-chains.h. - CVE-2024-28835 Checksums-Sha1: be8ebf945798978c216eb15a1ddbb0caf5ba720d 3394 gnutls28_3.8.3-1.1ubuntu3.1.dsc e24fbb9d58052817c0c425e84b16bfd6be0a420e 88208 gnutls28_3.8.3-1.1ubuntu3.1.debian.tar.xz dc39963ca480ba5e324d2fcc0c0d90072d5c4d43 8177 gnutls28_3.8.3-1.1ubuntu3.1_source.buildinfo Checksums-Sha256: 97f2515450492cc124e6c4534ea0cbe5c67b580f5faa18dfafe4ee4499b47d5d 3394 gnutls28_3.8.3-1.1ubuntu3.1.dsc fea67ee2c58708cd85f9b62a7dc15a4729bfcbb2b73d6f950203047f9184d328 88208 gnutls28_3.8.3-1.1ubuntu3.1.debian.tar.xz e2377aacacd3dccd92f99523bf618b30d670f29b0de1ffaca7455a24ffbb5508 8177 gnutls28_3.8.3-1.1ubuntu3.1_source.buildinfo Files: 3c5fa159a42f2865100b125a1b4b4cae 3394 libs optional gnutls28_3.8.3-1.1ubuntu3.1.dsc bce523afef50752007ee418faffe4abd 88208 libs optional gnutls28_3.8.3-1.1ubuntu3.1.debian.tar.xz 3c66a232adb598a9907e565d2634f78f 8177 libs optional gnutls28_3.8.3-1.1ubuntu3.1_source.buildinfo Original-Maintainer: Debian GnuTLS Maintainers