File _patchinfo of Package patchinfo.11055
<patchinfo incident="11055">
<issue tracker="bnc" id="1130681">VUL-0: CVE-2019-3829: gnutls: gnutls: use-after-free/double-free in certificate verification</issue>
<issue tracker="bnc" id="1130682">VUL-0: CVE-2019-3836: gnutls: gnutls: invalid pointer access upon receiving async handshake messages</issue>
<issue tracker="bnc" id="1118087">VUL-0: CVE-2018-16868: gnutls: Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification</issue>
<issue tracker="cve" id="2019-3836"/>
<issue tracker="cve" id="2018-16868"/>
<issue tracker="cve" id="2019-3829"/>
<issue tracker="fate" id="327114"/>
<packager>jsikes</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for gnutls</summary>
<description>This update for gnutls fixes to version 3.6.7 the following issues:
Security issued fixed:
- CVE-2019-3836: Fixed an invalid pointer access via malformed TLS1.3 async messages (bsc#1130682).
- CVE-2019-3829: Fixed a double free vulnerability in the certificate verification API (bsc#1130681).
- CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification (bsc#1118087)
Non-security issue fixed:
- Update gnutls to support TLS 1.3 (fate#327114)
</description>
</patchinfo>