[Buildroot] [PATCH] package/gnutls: security bump to 3.6.14
Peter Korsgaard
peter at korsgaard.com
Thu Jul 16 15:01:38 UTC 2020
>>>>> "stefan" == stefan <stefan at astylos.dk> writes:
> From: Stefan Sørensen <stefan.sorensen at spectralink.com>
> Fixes the following security issue:
> * CVE-2020-13777: It was found that GnuTLS 3.6.4 introduced a
> regression in the TLS protocol implementation. This caused the TLS
> server to not securely construct a session ticket encryption key
> considering the application supplied secret, allowing a MitM
> attacker to bypass authentication in TLS 1.3 and recover previous
> conversations in TLS 1.2
> Release announcement:
> https://lists.gnupg.org/pipermail/gnutls-help/2020-June/004648.html
> Signed-off-by: Stefan Sørensen <stefan.sorensen at spectralink.com>
Committed to 2020.02.x and 2020.05.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list