diff options
author | Hubert Kario <hkario@redhat.com> | 2023-02-08 14:43:45 +0100 |
---|---|---|
committer | Zoltan Fridrich <zfridric@redhat.com> | 2023-02-09 11:45:42 +0100 |
commit | b7bf28a291c781a3b1b0f06c64fd6566aa7260f1 (patch) | |
tree | 73c4f93be9fbd1bd7cfad506bad2c07995d74e13 | |
parent | 7c963102ec2119eecc1789b993aabe5edfd75f3b (diff) | |
download | gnutls-b7bf28a291c781a3b1b0f06c64fd6566aa7260f1.tar.gz |
document the CVE fix
Signed-off-by: Hubert Kario <hkario@redhat.com>
-rw-r--r-- | NEWS | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -5,6 +5,15 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc. Copyright (C) 2013-2019 Nikos Mavrogiannopoulos See the end for copying conditions. +* Version 3.7.9 (released 2023-02-09) + +** libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange. + Reported by Hubert Kario (#1050). Fix developed by Alexander Sosedkin. + [GNUTLS-SA-2020-07-14, CVSS: medium] [CVE-2023-0361] + +** API and ABI modifications: +No changes since last version. + * Version 3.7.8 (released 2022-09-27) ** libgnutls: In FIPS140 mode, RSA signature verification is an approved |