All of lore.kernel.org
 help / color / mirror / Atom feed
* [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832
@ 2026-06-13 10:25 Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
  2026-06-13 10:25 ` [OE-core][scarthgap][PATCH 2/2] gnutls: fix CVE-2026-42009 Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
  2026-06-22 14:58 ` [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832 Yoann Congal
  0 siblings, 2 replies; 7+ messages in thread
From: Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco) @ 2026-06-13 10:25 UTC (permalink / raw)
  To: openembedded-core

From: Sudhir Dumbhare <sudumbha@cisco.com>

Analysis:
  - CVE-2026-3832 affects GnuTLS OCSP multi-record response handling.
  - The vulnerable OCSP response handling code was introduced in GnuTLS 3.8.8.
  - This vulnerable code is not present in the current GnuTLS 3.8.4.
  - Hence ignoring the CVE for this version.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2026-3832
https://security-tracker.debian.org/tracker/CVE-2026-3832
https://gitlab.com/gnutls/gnutls/-/issues/1801

Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
---
 meta/recipes-support/gnutls/gnutls_3.8.4.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-support/gnutls/gnutls_3.8.4.bb b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
index ccb6a2b4b2..6d43c58df2 100644
--- a/meta/recipes-support/gnutls/gnutls_3.8.4.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
@@ -124,3 +124,5 @@ pkg_postinst_ontarget:${PN}-fips () {
         ${bindir}/fipshmac ${libdir}/libhogweed.so.6.* > ${libdir}/.libhogweed.so.6.hmac
     fi
 }
+
+CVE_STATUS[CVE-2026-3832] = "fixed-version: vulnerable multi-record OCSP response handling was introduced in 3.8.8 and is not present in 3.8.4"
-- 
2.35.6



^ permalink raw reply related	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2026-07-10 10:19 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-13 10:25 [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832 Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-06-13 10:25 ` [OE-core][scarthgap][PATCH 2/2] gnutls: fix CVE-2026-42009 Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-06-22 15:09   ` Yoann Congal
2026-06-22 14:58 ` [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832 Yoann Congal
2026-07-06 17:26   ` Yoann Congal
2026-07-09  5:08     ` [scarthgap][PATCH " Sudhir Dumbhare
2026-07-10 10:19     ` Sudhir Dumbhare

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.