[Buildroot] [PATCH] package/gnutls: security bump to 3.6.14

Peter Korsgaard peter at korsgaard.com
Thu Jul 16 15:01:38 UTC 2020


>>>>> "stefan" == stefan  <stefan at astylos.dk> writes:

 > From: Stefan Sørensen <stefan.sorensen at spectralink.com>
 > Fixes the following security issue:

 >  * CVE-2020-13777: It was found that GnuTLS 3.6.4 introduced a
 >    regression in the TLS protocol implementation. This caused the TLS
 >    server to not securely construct a session ticket encryption key
 >    considering the application supplied secret, allowing a MitM
 >    attacker to bypass authentication in TLS 1.3 and recover previous
 >    conversations in TLS 1.2

 > Release announcement:
 >  https://lists.gnupg.org/pipermail/gnutls-help/2020-June/004648.html

 > Signed-off-by: Stefan Sørensen <stefan.sorensen at spectralink.com>

Committed to 2020.02.x and 2020.05.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list