8390 – Our GnuTLS is out of date

Bug 8390 - Our GnuTLS is out of date

Summary: Our GnuTLS is out of date

Status:	NEW

Alias:	None

Product:	ThinLinc
Classification:	Unclassified
Component:	Build system (show other bugs)
Version:	trunk
Hardware:	PC Unknown

Importance:	P2 Normal
Target Milestone:	MediumPrio
Assignee:	Bugzilla mail exporter

URL:
Keywords:

Depends on:
Blocks:

Reported:	2024-07-19 16:16 CEST by Samuel Mannehed
Modified:	2024-07-22 14:59 CEST (History)
CC List:	0 users

See Also:
Acceptance Criteria:	MUST: * GnuTLS included in ThinLinc should not have any known security issues affecting ThinLinc users SHOULD: * The latest stable GnuTLS should be included in ThinLinc EXTRA: * GnuTLS and its dependencies should be updated to their latest versions (nettle, libtasn1 and gmp)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Samuel Mannehed cendio

2024-07-19 16:16:24 CEST

We currently have GnuTLS 3.8.2 in our build system. The latest version is 3.8.6, and there have been some security fixes since our last upgrade:

3.8.3: https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html
3.8.4: https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
3.8.5: https://lists.gnupg.org/pipermail/gnutls-help/2024-April/004846.html
3.8.6: https://lists.gnupg.org/pipermail/gnutls-help/2024-July/004848.html

Comment 1 Samuel Mannehed cendio

2024-07-19 16:23:21 CEST

Regarding the dependencies:

* nettle; we currently have 3.9.1 in our build system, 3.10 is available:
  https://ftp.gnu.org/gnu/nettle/

* libtasn1; we already have the latest version, 4.19.0:
  https://ftp.gnu.org/gnu/libtasn1/

* gmp; we already have the latest version, 6.3.0:
  https://gmplib.org/#DOWNLOAD

Note You need to log in before you can comment on or make changes to this bug.