[ubuntu/groovy-proposed] gnutls28 3.6.13-4ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Fri Jun 5 17:30:14 UTC 2020 

gnutls28 (3.6.13-4ubuntu2) groovy; urgency=medium

  * SECURITY UPDATE: flaw in TLS session ticket key construction
    - debian/patches/CVE-2020-13777.patch: differentiate initial state from
      valid time window of TOTP in lib/stek.c,
      tests/resume-with-previous-stek.c, tests/tls13/prf-early.c.
    - CVE-2020-13777

Date: Fri, 05 Jun 2020 13:12:39 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/gnutls28/3.6.13-4ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 05 Jun 2020 13:12:39 -0400
Source: gnutls28
Architecture: source
Version: 3.6.13-4ubuntu2
Distribution: groovy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 gnutls28 (3.6.13-4ubuntu2) groovy; urgency=medium
 .
   * SECURITY UPDATE: flaw in TLS session ticket key construction
     - debian/patches/CVE-2020-13777.patch: differentiate initial state from
       valid time window of TOTP in lib/stek.c,
       tests/resume-with-previous-stek.c, tests/tls13/prf-early.c.
     - CVE-2020-13777
Checksums-Sha1:
 00db2a8724efb1db3ab8a7f1f759f928a6feb139 3586 gnutls28_3.6.13-4ubuntu2.dsc
 aeed00b9ecd87108e9d80e5528617e7d762ce18f 69656 gnutls28_3.6.13-4ubuntu2.debian.tar.xz
 998212fe8969d5813c866adff4d813251f33e636 7158 gnutls28_3.6.13-4ubuntu2_source.buildinfo
Checksums-Sha256:
 4789b5c40031d5f463dfcbd50776375683c65903cba1bde8b58b385d2c91f32c 3586 gnutls28_3.6.13-4ubuntu2.dsc
 7f7cd3b8b2155527da008a57336d978c316a35ca62aa2019dd27ae27a3a9aa7e 69656 gnutls28_3.6.13-4ubuntu2.debian.tar.xz
 e4aa168c99375106ada960477f3e9e61bdc09eaaa68edb7215d932ea803f27e4 7158 gnutls28_3.6.13-4ubuntu2_source.buildinfo
Files:
 db0adc723189551d6d47dfcd1615c373 3586 libs optional gnutls28_3.6.13-4ubuntu2.dsc
 fa6e9246331bccd856a901442df8c207 69656 libs optional gnutls28_3.6.13-4ubuntu2.debian.tar.xz
 b12483a85e0d1dc4c00a49ecc846bf76 7158 libs optional gnutls28_3.6.13-4ubuntu2_source.buildinfo
Original-Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl7afxEACgkQZWnYVadE
vpPTYxAAiX6dHfPgUe19glX7aKqiWAK0XD7FtDz8Lty1gv+1UT6GOekFRGqtGYF6
ZQcxRW5sN/jMSDHeUYttb/gBYCm38NIub+Mcf+qw97ZvKA/tEU5LhUeRR/igR4PI
fTSoMnm2W4hfOdY4e1Wa4AZihurO3TWUObmZAxQv0pWpYtgQUiyyMUw/M0U1hARk
ajurSnUrwjqnUuhhLeXX2UzdWI/sYZa5Ib9LQ9PIlMiE6XLPOuYuC9nmUyBi9XTf
J9oCYamQQsGw8M6hfJqTIZEuGwZ9RcVdcK26SF/uXBGgAp6DB9sLtZs+TTKYtqZt
a6YUp1eT8YkyTtPVWixRCwxWmgmSKGwAAOo+JD041rqOsMlTpWCSgR74I4Y9dj10
ZQOUdY64944mXS/BsQU41e1GpWGXvcvay74iTxfl9xDbQMdQ3tO3+KqpwD8OYOPQ
tm0+BItFop/zFowgkJQgHBTHLCXlcjd6Y5Zi/CREwec3XVk44NywTNyCRaCEoshW
jGhULbEqta9i1VKSrUFAd4t5LlZQLVoxojRVt1L9fy9W3pQBrb9olOsDrqE2+Ium
HfoZVQUSFgUXPVxcZ9k0kJCgzRlLTr4gt+CV1vAWv6sz9sBuVd7Wo/J1U/wZM4yx
YeNEoWcc0Rr7OMx+g1WxsvAidDoEXaxUMW2esEer/BFrhXK4cwI=
=mxnm
-----END PGP SIGNATURE-----

More information about the Groovy-changes mailing list