[gnutls-help] gnutls 3.6.16
ueno at gnu.org
Mon May 24 10:49:49 CEST 2021
We've just released gnutls 3.6.16. This is a security and bug fix
release on the stable 3.6.x branch.
We'd like to thank everyone who contributed to this release:
Daiki Ueno, Fiona Klute, and Stefan Berger.
The detailed list of changes follows:
* Version 3.6.16 (released 2021-05-24)
** libgnutls: Fixed potential miscalculation of ECDSA/EdDSA code backported from
Nettle. In GnuTLS, as long as it is built and linked against the fixed
version of Nettle, this only affects GOST curves. [CVE-2021-20305]
** libgnutls: Fixed potential use-after-free in sending "key_share"
and "pre_shared_key" extensions. When sending those extensions, the
client may dereference a pointer no longer valid after
realloc. This happens only when the client sends a large Client
Hello message, e.g., when HRR is sent in a resumed session that
previously negotiated large FFDHE parameters, because the initial
allocation of the buffer is large enough without having to call
realloc (#1151). [GNUTLS-SA-2021-03-10, CVSS: low]
** API and ABI modifications:
No changes since last version.
Getting the Software
GnuTLS may be downloaded directly from <
A list of GnuTLS mirrors can be found at <
Here are the XZ compressed sources:
Here are OpenPGP detached signatures signed using key 0x462225C3B46F34879FC8496CD605848ED7E69871:
Note that it has been signed with my openpgp key:
pub rsa4096 2009-07-23 [SC] [expires: 2023-09-25]
uid [ultimate] Daiki Ueno <ueno at unixuser.org>
uid [ultimate] Daiki Ueno <ueno at gnu.org>
sub rsa4096 2010-02-04 [E]
Daiki Ueno, on behalf of the GnuTLS development team
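
The "key_share"/"pre_shared_key" entry above describes a pointer into a growable buffer going stale once the buffer is reallocated, and only when the message outgrows the initial allocation. The following C example is added for illustration; it is not GnuTLS code and not part of the announcement. `struct buf`, `buf_append` and `ext_write` are hypothetical names. It backfills an extension length field through an offset instead of a saved pointer and reports whether the storage moved.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer (illustration only, not a GnuTLS type). */
struct buf { uint8_t *data; size_t len, cap; };

/* Append n bytes. Growth is done with malloc+memcpy+free so the storage
 * always moves; realloc() is permitted to move it in the same way. */
static int buf_append(struct buf *b, const void *src, size_t n)
{
    if (n > b->cap - b->len) {
        size_t ncap = (b->len + n) * 2;
        uint8_t *p = malloc(ncap);
        if (p == NULL)
            return -1;
        if (b->len > 0)
            memcpy(p, b->data, b->len);
        free(b->data);
        b->data = p;
        b->cap = ncap;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

/* Write type(2) | length(2) | body, backfilling the length afterwards.
 * The length field is remembered as an OFFSET. A pointer saved up front,
 *     uint8_t *lenp = b->data + b->len + 2;
 * would dangle whenever *moved comes back as 1. */
static int ext_write(struct buf *b, uint16_t type, const uint8_t *body,
                     uint16_t n, int *moved)
{
    uint8_t hdr[4] = { (uint8_t)(type >> 8), (uint8_t)type, 0, 0 };
    uintptr_t before = (uintptr_t)b->data; /* address only, never dereferenced */
    size_t len_off = b->len + 2;           /* position of the length field */

    if (buf_append(b, hdr, sizeof hdr) < 0 || buf_append(b, body, n) < 0)
        return -1;
    *moved = (before != (uintptr_t)b->data);
    b->data[len_off] = (uint8_t)(n >> 8);  /* re-derived from the current base */
    b->data[len_off + 1] = (uint8_t)n;
    return 0;
}
```

With a body that fits the initial capacity, `moved` stays 0 and a saved pointer would have happened to work, which is why this bug class stays latent until a message is large enough to force growth.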