<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p> </p>
<div class="moz-text-html" lang="x-unicode">
<div class="moz-text-html" lang="x-unicode">
<div class="moz-text-html" lang="x-unicode">
<div class="moz-text-html" lang="x-unicode">
<div dir="ltr">
<div><font face="monospace">Hello,</font></div>
<font face="monospace"> </font>
<div><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace">We have just released
gnutls-3.7.11. This is a bug fix release on the 3.7.x
branch.</font></div>
<font face="monospace"> </font>
<div><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace">We would like to thank
everyone who contributed in this release:</font></div>
<font face="monospace"> </font>
<div><font face="monospace">Xin Long, Daiki Ueno and
Zoltan Fridrich<br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace">The detailed list of changes
follows:</font> </div>
</div>
<div dir="ltr"><font face="monospace"><span><span class=""><br>
</span></span></font></div>
<div dir="ltr">
<pre class="code highlight" lang="plaintext"><span>* Version 3.7.11 (released 2024-04-13)</span>
<span></span>
<span>** libgnutls: Fix side-channel in the deterministic ECDSA.</span>
<span> Reported by George Pantelakis (#1516).</span>
<span> [GNUTLS-SA-2023-12-04, CVSS: medium] [CVE-2024-28834]</span>
<span></span>
<span>** libgnutls: Fixed a bug where certtool crashed when verifying a certificate</span>
<span> chain with more than 16 certificates. Reported by William Woodruff (#1525)</span>
<span> and yixiangzhike (#1527).</span>
<span> [GNUTLS-SA-2024-01-23, CVSS: medium] [CVE-2024-28835]</span>
<span></span>
<span>** libgnutls: Fix more timing side-channel inside RSA-PSK key exchange</span>
<span> [GNUTLS-SA-2024-01-14, CVSS: medium] [CVE-2024-0553]</span>
<span></span>
<span>** libgnutls: Fix assertion failure when verifying a certificate chain with a</span>
<span> cycle of cross signatures</span>
<span> [GNUTLS-SA-2024-01-09, CVSS: medium] [CVE-2024-0567]</span>
<span></span>
<span>** libgnutls: Fix timing side-channel inside RSA-PSK key exchange.</span>
<span> [GNUTLS-SA-2023-10-23, CVSS: medium] [CVE-2023-5981]</span>
<span></span>
<span>** API and ABI modifications:</span>
<span>No changes since last version.</span>
<font face="monospace">
Getting the Software
</font><font face="monospace">================</font></pre>
</div>
<div dir="ltr"> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">GnuTLS may be
downloaded directly from <br>
</font> <font face="monospace"><a
href="https://www.gnupg.org/ftp/gcrypt/"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://www.gnupg.org/ftp/gcrypt/&source=gmail&ust=1652432968350000&usg=AOvVaw3njjTg_V6cIskMjpkmAg7X">https://www.gnupg.org/ftp/<wbr>gcrypt/</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">A list of GnuTLS
mirrors can be found at</font></div>
<font face="monospace"> </font>
<div dir="ltr"> <font face="monospace"><a
href="http://www.gnutls.org/download.html"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=http://www.gnutls.org/download.html&source=gmail&ust=1652432968350000&usg=AOvVaw1J-wc5GojHL2n94ox7b_09">http://www.gnutls.org/<wbr>download.html</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"> Here are the XZ
compressed sources:<br>
</font> <font face="monospace"><a
href="https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.11.tar.xz"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.4.tar.xz&source=gmail&ust=1652432968350000&usg=AOvVaw3ybeveKudYmPlqI6U8OXIO"
moz-do-not-send="true">https://www.gnupg.org/ftp/<wbr>gcrypt/gnutls/v3.7/gnutls-3.7.11.tar.xz</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">Here are OpenPGP
detached signatures signed using key:</font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">5D46CB0F763405A7053556F47A75A6</font><wbr><font
face="monospace">48B3F9220C</font></div>
<font face="monospace"> </font> <font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><a
href="https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.11.tar.xz.sig"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.4.tar.xz.sig&source=gmail&ust=1652432968350000&usg=AOvVaw1J49sWnCfoI9B3ou7WbdQ6"
moz-do-not-send="true">https://www.gnupg.org/ftp/<wbr>gcrypt/gnutls/v3.7/gnutls-3.7.11.tar.xz.sig</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"> Note that it has been
signed with my openpgp key:<br>
pub ed25519 2021-12-23 [SC] [expires: 2027-01-01]<br>
5D46CB0F763405A7053556F47A75A6</font><wbr><font
face="monospace">48B3F9220C<br>
uid [ultimate] Zoltan Fridrich <<a
href="mailto:zfridric@redhat.com" target="_blank"
class="moz-txt-link-freetext">zfridric@redhat.com</a>><br>
sub cv25519 2021-12-23 [E] [expires: 2027-01-01]</font><font
face="monospace"><br>
</font> <font face="monospace"><br>
Regards,<br>
Zoltan</font></div>
</div>
</div>
</div>
<p></p>
</div>
</body>
</html>