Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
package/gnutls: security bump to version 3.6.15
libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing. The server sending a "no_renegotiation" alert in an unexpected timing, followed by an invalid second handshake was able to cause a TLS 1.3 client to crash via a null-pointer dereference. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure (#1071). [GNUTLS-SA-2020-09-04, CVSS: medium] https://lists.gnupg.org/pipermail/gnutls-help/2020-September/004669.html Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Yann E. MORIN <[email protected]>
- Loading branch information