From Ow471mVd8 at concentric.net Tue May 28 01:27:35 2024 From: Ow471mVd8 at concentric.net (Ow471mVd8 at concentric.net) Date: 28 May 24 1:27:35 PM Subject: (None) Message-ID: An HTML attachment was scrubbed... URL: From zfridric at redhat.com Mon May 27 10:13:26 2024 From: zfridric at redhat.com (Zoltan Fridrich) Date: Mon, 27 May 2024 10:13:26 +0200 Subject: [gnutls-help] gnutls 3.7.11 Message-ID: Hello, We have just released gnutls-3.7.11. This is a bug fix release on the 3.7.x branch. We would like to thank everyone who contributed in this release: Xin Long, Daiki Ueno and Zoltan Fridrich The detailed list of changes follows: * Version 3.7.11 (released 2024-04-13) ** libgnutls: Fix side-channel in the deterministic ECDSA. Reported by George Pantelakis (#1516). [GNUTLS-SA-2023-12-04, CVSS: medium] [CVE-2024-28834] ** libgnutls: Fixed a bug where certtool crashed when verifying a certificate chain with more than 16 certificates. Reported by William Woodruff (#1525) and yixiangzhike (#1527). [GNUTLS-SA-2024-01-23, CVSS: medium] [CVE-2024-28835] ** libgnutls: Fix more timing side-channel inside RSA-PSK key exchange [GNUTLS-SA-2024-01-14, CVSS: medium] [CVE-2024-0553] ** libgnutls: Fix assertion failure when verifying a certificate chain with a cycle of cross signatures [GNUTLS-SA-2024-01-09, CVSS: medium] [CVE-2024-0567] ** libgnutls: Fix timing side-channel inside RSA-PSK key exchange. [GNUTLS-SA-2023-10-23, CVSS: medium] [CVE-2023-5981] ** API and ABI modifications: No changes since last version. Getting the Software ================ GnuTLS may be downloaded directly from https://www.gnupg.org/ftp/gcrypt/ A list of GnuTLS mirrors can be found at http://www.gnutls.org/download.html Here are the XZ compressed sources: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.11.tar.xz Here are OpenPGP detached signatures signed using key: 5D46CB0F763405A7053556F47A75A648B3F9220C https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.11.tar.xz.sig Note that it has been signed with my openpgp key: pub ? ed25519 2021-12-23 [SC] [expires: 2027-01-01] ? ? ? 5D46CB0F763405A7053556F47A75A648B3F9220C uid ? ? ? ? ? [ultimate] Zoltan Fridrich sub ? cv25519 2021-12-23 [E] [expires: 2027-01-01] Regards, Zoltan -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_0x7A75A648B3F9220C.asc Type: application/pgp-keys Size: 1054 bytes Desc: OpenPGP public key URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 236 bytes Desc: OpenPGP digital signature URL: