22 lines
1.1 KiB
Plaintext
22 lines
1.1 KiB
Plaintext
|
<patchinfo>
|
||
|
<!-- generated from request(s) 338947 -->
|
||
|
<issue tracker="bnc" id="1221242">Memory leak in gnutls — ref:_00D1igLOd._500Tr6tLDN:ref</issue>
|
||
|
<issue tracker="bnc" id="1221746">VUL-0: CVE-2024-28834: gnutls: side-channel in the deterministic ECDSA</issue>
|
||
|
<issue tracker="bnc" id="1221747">VUL-0: CVE-2024-28835: gnutls: certtool crash when verifying a certificate chain</issue>
|
||
|
<issue tracker="cve" id="2024-28834"/>
|
||
|
<issue tracker="cve" id="2024-28835"/>
|
||
|
<packager>pmonrealgonzalez</packager>
|
||
|
<rating>important</rating>
|
||
|
<category>security</category>
|
||
|
<summary>Security update for gnutls</summary>
|
||
|
<description>This update for gnutls fixes the following issues:
|
||
|
|
||
|
- CVE-2024-28835: certtool crash when verifying a certificate chain (bsc#1221747)
|
||
|
- CVE-2024-28834: Fixed side-channel in the deterministic ECDSA (bsc#1221746)
|
||
|
- jitterentropy: Release the memory of the entropy collector when using jitterentropy
|
||
|
with phtreads as there is also a pre-initialization done in the main thread. (bsc#1221242)
|
||
|
</description>
|
||
|
<package>gnutls</package>
|
||
|
<seperate_build_arch/>
|
||
|
</patchinfo>
|