[ubuntu/resolute-proposed] gnutls28 3.8.10-3ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Feb 18 15:41:16 UTC 2026 

gnutls28 (3.8.10-3ubuntu2) resolute; urgency=medium

  * SECURITY UPDATE: DoS via malicious certificates
    - debian/patches/CVE-2025-14831-*.patch: rework processing algorithms
      to exhibit better performance characteristics in
      lib/x509/name_constraints.c, tests/name-constraints-ip.c.
    - CVE-2025-14831
  * SECURITY UPDATE: stack overflow via long token label
    - debian/patches/CVE-2025-9820.patch: avoid stack overwrite when
      initializing a token in lib/pkcs11_write.c, tests/Makefile.am,
      tests/pkcs11/long-label.c.
    - CVE-2025-9820

Date: Wed, 18 Feb 2026 10:00:15 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/gnutls28/3.8.10-3ubuntu2
-------------- next part --------------
Format: 1.8
Date: Wed, 18 Feb 2026 10:00:15 -0500
Source: gnutls28
Built-For-Profiles: noudeb
Architecture: source
Version: 3.8.10-3ubuntu2
Distribution: resolute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 gnutls28 (3.8.10-3ubuntu2) resolute; urgency=medium
 .
   * SECURITY UPDATE: DoS via malicious certificates
     - debian/patches/CVE-2025-14831-*.patch: rework processing algorithms
       to exhibit better performance characteristics in
       lib/x509/name_constraints.c, tests/name-constraints-ip.c.
     - CVE-2025-14831
   * SECURITY UPDATE: stack overflow via long token label
     - debian/patches/CVE-2025-9820.patch: avoid stack overwrite when
       initializing a token in lib/pkcs11_write.c, tests/Makefile.am,
       tests/pkcs11/long-label.c.
     - CVE-2025-9820
Checksums-Sha1:
 31517165fc5dc02fbe1c281fe3159764ee17c6ef 3354 gnutls28_3.8.10-3ubuntu2.dsc
 1f6848089e864006f9fe42225c28639c4d19965e 189484 gnutls28_3.8.10-3ubuntu2.debian.tar.xz
 bf82e782d16621d4c7b086c043dc36a9df31e704 7950 gnutls28_3.8.10-3ubuntu2_source.buildinfo
Checksums-Sha256:
 26f569a5efd538e8496706c0792e8f5b9f6740baaf1d11ed646431676b98ea3f 3354 gnutls28_3.8.10-3ubuntu2.dsc
 c4c662f283f47068d91abe5d398f354e7a81b8e5bad4608f50195cc47f94a1f6 189484 gnutls28_3.8.10-3ubuntu2.debian.tar.xz
 2e2c09363fe0d15ccc3f34c2969eae4d02f2863165225e391f0cc21a6c21025b 7950 gnutls28_3.8.10-3ubuntu2_source.buildinfo
Files:
 6bc4a969eb2e052a3511991d66e5e6b2 3354 libs optional gnutls28_3.8.10-3ubuntu2.dsc
 123ec73fe61f61da7b0783f30c3402d7 189484 libs optional gnutls28_3.8.10-3ubuntu2.debian.tar.xz
 d511b89d88ffd91e917cc1f93a9625f8 7950 libs optional gnutls28_3.8.10-3ubuntu2_source.buildinfo
Original-Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint at lists.alioth.debian.org>

More information about the Resolute-changes mailing list