[Buildroot] [PATCH 1/1] package/gnutls: security bump to 3.6.13
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Wed Apr 8 20:51:55 UTC 2020
On Tue, 7 Apr 2020 09:36:44 +0200
Stefan Sørensen <stefan.sorensen at spectralink.com> wrote:
> Fixes the following security issue:
>
> * CVE-2020-11501: It was found that GnuTLS 3.6.3 introduced a
> regression in the DTLS protocol implementation. This caused the DTLS
> client to not contribute any randomness to the DTLS negotiation
> breaking the security guarantees of the DTLS protocol.
>
> Signed-off-by: Stefan Sørensen <stefan.sorensen at spectralink.com>
> ---
> package/gnutls/gnutls.hash | 4 ++--
> package/gnutls/gnutls.mk | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
Your patch didn't apply cleanly for some reason, perhaps your SMTP
server screws it up when adding the confidentiality footer or something
like that. I fixed that up and applied. Thanks!
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list