[gnutls-devel] gnutls 3.3.24

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Jul 6 09:21:19 CEST 2016

 I've just released gnutls 3.3.24. This is a bug-fix release on
the previous stable branch which also addresses a vulnerability on
systems which utilize gnutls with the p11-kit trust module -see

* Version 3.3.24 (released 2016-06-06)

** libgnutls: Address issue when utilizing the p11-kit trust store
   for certificate verification (GNUTLS-SA-2016-2).

** libgnutls: when generating private keys mark the public key as not

** libgnutls: use secure_getenv() where available to obtain environment

** libgnutls: Fixed DTLS handshake packet reconstruction. Reported by
   Guillaume Roguez.

** libgnutls: Fixed issues with PKCS#11 reading of sensitive objects
   from SafeNet Network HSM. Reported by Anthony Alba.

** libgnutls: Corrected reading and writing of PKCS#11
   CKA_SERIAL_NUMBER. Report and fix by Stanislav Židek.

** libgnutls: Enhanced the priority functions to understand -VERS-ALL
   keyword to allow compatibility of priority strings between 3.4.x
   and 3.3.x.

** API and ABI modifications:
No changes since last version.

Getting the Software

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.  A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ compressed sources:


Here are OpenPGP detached signatures signed using key 0x96865171:


Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]


More information about the Gnutls-devel mailing list