SUSE_ALP_Standard/patchinfo.20240716152951605678.269002615871826/_patchinfo

22 lines
1.1 KiB
Plaintext
Raw Normal View History

<patchinfo>
<!-- generated from request(s) 338947 -->
<issue tracker="bnc" id="1221242">Memory leak in gnutls &#8212; ref:_00D1igLOd._500Tr6tLDN:ref</issue>
<issue tracker="bnc" id="1221746">VUL-0: CVE-2024-28834: gnutls: side-channel in the deterministic ECDSA</issue>
<issue tracker="bnc" id="1221747">VUL-0: CVE-2024-28835: gnutls: certtool crash when verifying a certificate chain</issue>
<issue tracker="cve" id="2024-28834"/>
<issue tracker="cve" id="2024-28835"/>
<packager>pmonrealgonzalez</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for gnutls</summary>
<description>This update for gnutls fixes the following issues:
- CVE-2024-28835: certtool crash when verifying a certificate chain (bsc#1221747)
- CVE-2024-28834: Fixed side-channel in the deterministic ECDSA (bsc#1221746)
- jitterentropy: Release the memory of the entropy collector when using jitterentropy
with phtreads as there is also a pre-initialization done in the main thread. (bsc#1221242)
</description>
<package>gnutls</package>
<seperate_build_arch/>
</patchinfo>