[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#68516] [PATCH v3] gnu: gnutls: Update to 3.8.3 [security-fixes]
|
From: |
Jack Hill |
|
Subject: |
[bug#68516] [PATCH v3] gnu: gnutls: Update to 3.8.3 [security-fixes] |
|
Date: |
Tue, 16 Jan 2024 14:58:43 -0500 |
Fixes CVE-2024-0553 and CVE-2024-0567.
gnu/packages/tls.scm (gnutls): Update grafted version to 3.8.3.
Change-Id: Ic44b3b0481ffd51cdc42a2d71a598f001b43c6f7
---
Version 3 updates the code comment for the new CVEs
gnu/packages/tls.scm | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 6441b8ed43..207763bdc2 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -200,7 +200,7 @@ (define-public gnutls
(package
(name "gnutls")
(version "3.7.7")
- (replacement gnutls-3.8.2)
+ (replacement gnutls-3.8.3)
(source (origin
(method url-fetch)
;; Note: Releases are no longer on ftp.gnu.org since the
@@ -305,11 +305,12 @@ (define-public gnutls
(define-deprecated/public-alias gnutls-latest gnutls)
;; Replacement for gnutls@3.7.7 to address GNUTLS-SA-2020-07-14 /
-;; CVE-2023-0361 and GNUTLS-SA-2023-10-23 / CVE-2023-5981.
-(define gnutls-3.8.2
+;; CVE-2023-0361, GNUTLS-SA-2023-10-23 / CVE-2023-5981,
+;; GNUTLS-SA-2024-01-14 / CVE-2024-0553, and GNUTLS-SA-2024-01-09 /
CVE-2024-0567
+(define gnutls-3.8.3
(package
(inherit gnutls)
- (version "3.8.2")
+ (version "3.8.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/gnutls/v"
@@ -318,7 +319,7 @@ (define gnutls-3.8.2
(patches (search-patches "gnutls-skip-trust-store-test.patch"))
(sha256
(base32
- "0xzgmp1ck5ifvdki4jg29r278w2p1m3a0qz38g99v6zsdw0yarg7"))))))
+ "0ghpyhhfa3nsraph6dws50jb3dc8g2cfl7dizdnyrm179fawakzp"))))))
(define-public gnutls/dane
;; GnuTLS with build libgnutls-dane, implementing DNS-based
base-commit: 20606ca9af1ac019073f4ed872a9ad9960ff0725
--
2.41.0