Openembedded Core Discussions
 help / color / mirror / Atom feed
* [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832
@ 2026-06-13 10:25 Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
  2026-06-13 10:25 ` [OE-core][scarthgap][PATCH 2/2] gnutls: fix CVE-2026-42009 Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
  2026-06-22 14:58 ` [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832 Yoann Congal
  0 siblings, 2 replies; 7+ messages in thread
From: Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco) @ 2026-06-13 10:25 UTC (permalink / raw)
  To: openembedded-core

From: Sudhir Dumbhare <sudumbha@cisco.com>

Analysis:
  - CVE-2026-3832 affects GnuTLS OCSP multi-record response handling.
  - The vulnerable OCSP response handling code was introduced in GnuTLS 3.8.8.
  - This vulnerable code is not present in the current GnuTLS 3.8.4.
  - Hence ignoring the CVE for this version.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2026-3832
https://security-tracker.debian.org/tracker/CVE-2026-3832
https://gitlab.com/gnutls/gnutls/-/issues/1801

Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
---
 meta/recipes-support/gnutls/gnutls_3.8.4.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-support/gnutls/gnutls_3.8.4.bb b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
index ccb6a2b4b2..6d43c58df2 100644
--- a/meta/recipes-support/gnutls/gnutls_3.8.4.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
@@ -124,3 +124,5 @@ pkg_postinst_ontarget:${PN}-fips () {
         ${bindir}/fipshmac ${libdir}/libhogweed.so.6.* > ${libdir}/.libhogweed.so.6.hmac
     fi
 }
+
+CVE_STATUS[CVE-2026-3832] = "fixed-version: vulnerable multi-record OCSP response handling was introduced in 3.8.8 and is not present in 3.8.4"
-- 
2.35.6



^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [OE-core][scarthgap][PATCH 2/2] gnutls: fix CVE-2026-42009
  2026-06-13 10:25 [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832 Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
@ 2026-06-13 10:25 ` Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
  2026-06-22 15:09   ` Yoann Congal
  2026-06-22 14:58 ` [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832 Yoann Congal
  1 sibling, 1 reply; 7+ messages in thread
From: Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco) @ 2026-06-13 10:25 UTC (permalink / raw)
  To: openembedded-core

From: Sudhir Dumbhare <sudumbha@cisco.com>

This patch applies the upstream fix [1] and [2], as referenced in [3],
to address a DTLS packet reordering flaw where duplicate sequence numbers
could lead to unstable ordering or undefined behavior.

[1] https://gitlab.com/gnutls/gnutls/-/commit/f01e21441e29052a6f0963840794c41d3b3ee66d
[2] https://gitlab.com/gnutls/gnutls/-/commit/f341441fad91142897d83b44a175ffc8f925b76f
[3] https://security-tracker.debian.org/tracker/CVE-2026-42009

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2026-42009

Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
---
 .../gnutls/gnutls/CVE-2026-42009_p1.patch     | 66 +++++++++++++++++++
 .../gnutls/gnutls/CVE-2026-42009_p2.patch     | 47 +++++++++++++
 meta/recipes-support/gnutls/gnutls_3.8.4.bb   |  2 +
 3 files changed, 115 insertions(+)
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p1.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p2.patch

diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p1.patch b/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p1.patch
new file mode 100644
index 0000000000..03214bab0e
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p1.patch
@@ -0,0 +1,66 @@
+From e1f366666c12f431151a04ada9cf9a30d602751b Mon Sep 17 00:00:00 2001
+From: Alexander Sosedkin <asosedkin@redhat.com>
+Date: Tue, 21 Apr 2026 16:52:48 +0200
+Subject: [PATCH] lib/buffers: ensure packets have differing sequence
+ numbers
+
+There should normally be no packets with same sequence number and
+differing handshake type, unless an adversary crafts them.
+Discarding them allows to get rid of packets
+with duplicate sequence ID in the buffer,
+relieving us from the question of how to sort them later.
+
+CVE: CVE-2026-42009
+Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/f01e21441e29052a6f0963840794c41d3b3ee66d]
+
+Backport Changes:
+- Adjusted the upstream hunk to match the GnuTLS 3.8.4 code layout.
+- The upstream commit uses the local recv_buf alias introduced later
+  in v3.8.13 by commit;
+  https://gitlab.com/gnutls/gnutls/-/commit/9deffca528c23bbb218f5ec3bd4bb1bf4cbd1fc0.
+- GnuTLS 3.8.4 does not have that local recv_buf alias in
+  merge_handshake_packet(), so the backport replaces recv_buf[i] with the
+  existing session->internals.handshake_recv_buffer[i] access pattern.
+
+Reported-by: Joshua Rogers of AISLE Research Team <joshua@joshua.hu>
+Fixes: #1848
+Fixes: CVE-2026-42009
+Fixes: GNUTLS-SA-2026-04-29-2
+CVSS: 7.5 High CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
+Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
+(cherry picked from commit f01e21441e29052a6f0963840794c41d3b3ee66d)
+Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
+---
+ lib/buffers.c | 16 ++++++++++++++--
+ 1 file changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/lib/buffers.c b/lib/buffers.c
+index 672380b054..e7f08b5625 100644
+--- a/lib/buffers.c
++++ b/lib/buffers.c
+@@ -968,8 +968,20 @@ static int merge_handshake_packet(gnutls_session_t session,
+ 	int ret;
+ 
+ 	for (i = 0; i < session->internals.handshake_recv_buffer_size; i++) {
+-		if (session->internals.handshake_recv_buffer[i].htype ==
+-		    hsk->htype) {
++		if (session->internals.handshake_recv_buffer[i].sequence == hsk->sequence) {
++			if (session->internals.handshake_recv_buffer[i].htype != hsk->htype) {
++				_gnutls_audit_log(
++					session,
++					"Discarded unexpected handshake packet "
++					"with duplicate sequence %d, but "
++					"mismatched type %s (previously %s)\n",
++					hsk->sequence,
++					_gnutls_handshake2str(hsk->htype),
++					_gnutls_handshake2str(
++						session->internals.handshake_recv_buffer[i].htype));
++				_gnutls_handshake_buffer_clear(hsk);
++				return 0;
++			}
+ 			exists = 1;
+ 			pos = i;
+ 			break;
+-- 
+2.35.6
+
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p2.patch b/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p2.patch
new file mode 100644
index 0000000000..b26491840b
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p2.patch
@@ -0,0 +1,47 @@
+From 23fdcec4c6b5669296295ad3a9f87f6467eeb0f3 Mon Sep 17 00:00:00 2001
+From: Joshua Rogers <joshua@joshua.hu>
+Date: Tue, 21 Apr 2026 18:11:39 +0200
+Subject: [PATCH] buffers: fix handshake_compare when sequence numbers
+ match
+
+The comparator function used for ordering DTLS packets
+by sequence numbers did not follow qsort comparator contracts
+in case of packets with duplicate sequence numbers,
+which could lead to unstable ordering or undefined behaviour.
+Returning 0 in such cases makes the sorting stable.
+
+CVE: CVE-2026-42009
+Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/f341441fad91142897d83b44a175ffc8f925b76f]
+
+Reported-by: Joshua Rogers of AISLE Research Team <joshua@joshua.hu>
+Fixes: #1848
+Fixes: CVE-2026-42009
+Fixes: GNUTLS-SA-2026-04-29-2
+CVSS: 7.5 High CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
+Signed-off-by: Joshua Rogers <joshua@joshua.hu>
+(cherry picked from commit f341441fad91142897d83b44a175ffc8f925b76f)
+Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
+---
+ lib/buffers.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/lib/buffers.c b/lib/buffers.c
+index e7f08b5625..1ac27e4e96 100644
+--- a/lib/buffers.c
++++ b/lib/buffers.c
+@@ -844,11 +844,7 @@ static int handshake_compare(const void *_e1, const void *_e2)
+ {
+ 	const handshake_buffer_st *e1 = _e1;
+ 	const handshake_buffer_st *e2 = _e2;
+-
+-	if (e1->sequence <= e2->sequence)
+-		return 1;
+-	else
+-		return -1;
++	return (e1->sequence < e2->sequence) - (e1->sequence > e2->sequence);
+ }
+ 
+ #define SSL2_HEADERS 1
+-- 
+2.35.6
+
diff --git a/meta/recipes-support/gnutls/gnutls_3.8.4.bb b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
index 6d43c58df2..d27d2cfa74 100644
--- a/meta/recipes-support/gnutls/gnutls_3.8.4.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
@@ -43,6 +43,8 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
            file://CVE-2025-14831-7.patch \
            file://CVE-2025-14831-8.patch \
            file://CVE-2025-14831-9.patch \
+           file://CVE-2026-42009_p1.patch \
+           file://CVE-2026-42009_p2.patch \
            "
 
 SRC_URI[sha256sum] = "2bea4e154794f3f00180fa2a5c51fe8b005ac7a31cd58bd44cdfa7f36ebc3a9b"
-- 
2.35.6



^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832
  2026-06-13 10:25 [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832 Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
  2026-06-13 10:25 ` [OE-core][scarthgap][PATCH 2/2] gnutls: fix CVE-2026-42009 Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
@ 2026-06-22 14:58 ` Yoann Congal
  2026-07-06 17:26   ` Yoann Congal
  1 sibling, 1 reply; 7+ messages in thread
From: Yoann Congal @ 2026-06-22 14:58 UTC (permalink / raw)
  To: sudumbha, openembedded-core

On Sat Jun 13, 2026 at 12:25 PM CEST, Sudhir Dumbhare via lists.openembedded.org wrote:
> From: Sudhir Dumbhare <sudumbha@cisco.com>
>
> Analysis:
>   - CVE-2026-3832 affects GnuTLS OCSP multi-record response handling.
>   - The vulnerable OCSP response handling code was introduced in GnuTLS 3.8.8.
>   - This vulnerable code is not present in the current GnuTLS 3.8.4.
>   - Hence ignoring the CVE for this version.
>
> Reference:
> https://nvd.nist.gov/vuln/detail/CVE-2026-3832
> https://security-tracker.debian.org/tracker/CVE-2026-3832
> https://gitlab.com/gnutls/gnutls/-/issues/1801
>
> Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
> ---

I think the CVE applies to wrynose. Can you send a fix there, and then,
ping back here?

Thanks!

>  meta/recipes-support/gnutls/gnutls_3.8.4.bb | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/meta/recipes-support/gnutls/gnutls_3.8.4.bb b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
> index ccb6a2b4b2..6d43c58df2 100644
> --- a/meta/recipes-support/gnutls/gnutls_3.8.4.bb
> +++ b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
> @@ -124,3 +124,5 @@ pkg_postinst_ontarget:${PN}-fips () {
>          ${bindir}/fipshmac ${libdir}/libhogweed.so.6.* > ${libdir}/.libhogweed.so.6.hmac
>      fi
>  }
> +
> +CVE_STATUS[CVE-2026-3832] = "fixed-version: vulnerable multi-record OCSP response handling was introduced in 3.8.8 and is not present in 3.8.4"


-- 
Yoann Congal
Smile ECS



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [OE-core][scarthgap][PATCH 2/2] gnutls: fix CVE-2026-42009
  2026-06-13 10:25 ` [OE-core][scarthgap][PATCH 2/2] gnutls: fix CVE-2026-42009 Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
@ 2026-06-22 15:09   ` Yoann Congal
  0 siblings, 0 replies; 7+ messages in thread
From: Yoann Congal @ 2026-06-22 15:09 UTC (permalink / raw)
  To: sudumbha, openembedded-core

On Sat Jun 13, 2026 at 12:25 PM CEST, Sudhir Dumbhare via lists.openembedded.org wrote:
> From: Sudhir Dumbhare <sudumbha@cisco.com>
>
> This patch applies the upstream fix [1] and [2], as referenced in [3],
> to address a DTLS packet reordering flaw where duplicate sequence numbers
> could lead to unstable ordering or undefined behavior.
>
> [1] https://gitlab.com/gnutls/gnutls/-/commit/f01e21441e29052a6f0963840794c41d3b3ee66d
> [2] https://gitlab.com/gnutls/gnutls/-/commit/f341441fad91142897d83b44a175ffc8f925b76f
> [3] https://security-tracker.debian.org/tracker/CVE-2026-42009
>
> Reference:
> https://nvd.nist.gov/vuln/detail/CVE-2026-42009
>
> Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
> ---

Same as patch 1/2: please send a patch for wrynose.

Regards,

>  .../gnutls/gnutls/CVE-2026-42009_p1.patch     | 66 +++++++++++++++++++
>  .../gnutls/gnutls/CVE-2026-42009_p2.patch     | 47 +++++++++++++
>  meta/recipes-support/gnutls/gnutls_3.8.4.bb   |  2 +
>  3 files changed, 115 insertions(+)
>  create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p1.patch
>  create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p2.patch
>
> diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p1.patch b/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p1.patch
> new file mode 100644
> index 0000000000..03214bab0e
> --- /dev/null
> +++ b/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p1.patch
> @@ -0,0 +1,66 @@
> +From e1f366666c12f431151a04ada9cf9a30d602751b Mon Sep 17 00:00:00 2001
> +From: Alexander Sosedkin <asosedkin@redhat.com>
> +Date: Tue, 21 Apr 2026 16:52:48 +0200
> +Subject: [PATCH] lib/buffers: ensure packets have differing sequence
> + numbers
> +
> +There should normally be no packets with same sequence number and
> +differing handshake type, unless an adversary crafts them.
> +Discarding them allows to get rid of packets
> +with duplicate sequence ID in the buffer,
> +relieving us from the question of how to sort them later.
> +
> +CVE: CVE-2026-42009
> +Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/f01e21441e29052a6f0963840794c41d3b3ee66d]
> +
> +Backport Changes:
> +- Adjusted the upstream hunk to match the GnuTLS 3.8.4 code layout.
> +- The upstream commit uses the local recv_buf alias introduced later
> +  in v3.8.13 by commit;
> +  https://gitlab.com/gnutls/gnutls/-/commit/9deffca528c23bbb218f5ec3bd4bb1bf4cbd1fc0.
> +- GnuTLS 3.8.4 does not have that local recv_buf alias in
> +  merge_handshake_packet(), so the backport replaces recv_buf[i] with the
> +  existing session->internals.handshake_recv_buffer[i] access pattern.
> +
> +Reported-by: Joshua Rogers of AISLE Research Team <joshua@joshua.hu>
> +Fixes: #1848
> +Fixes: CVE-2026-42009
> +Fixes: GNUTLS-SA-2026-04-29-2
> +CVSS: 7.5 High CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
> +Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
> +(cherry picked from commit f01e21441e29052a6f0963840794c41d3b3ee66d)
> +Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
> +---
> + lib/buffers.c | 16 ++++++++++++++--
> + 1 file changed, 14 insertions(+), 2 deletions(-)
> +
> +diff --git a/lib/buffers.c b/lib/buffers.c
> +index 672380b054..e7f08b5625 100644
> +--- a/lib/buffers.c
> ++++ b/lib/buffers.c
> +@@ -968,8 +968,20 @@ static int merge_handshake_packet(gnutls_session_t session,
> + 	int ret;
> + 
> + 	for (i = 0; i < session->internals.handshake_recv_buffer_size; i++) {
> +-		if (session->internals.handshake_recv_buffer[i].htype ==
> +-		    hsk->htype) {
> ++		if (session->internals.handshake_recv_buffer[i].sequence == hsk->sequence) {
> ++			if (session->internals.handshake_recv_buffer[i].htype != hsk->htype) {
> ++				_gnutls_audit_log(
> ++					session,
> ++					"Discarded unexpected handshake packet "
> ++					"with duplicate sequence %d, but "
> ++					"mismatched type %s (previously %s)\n",
> ++					hsk->sequence,
> ++					_gnutls_handshake2str(hsk->htype),
> ++					_gnutls_handshake2str(
> ++						session->internals.handshake_recv_buffer[i].htype));
> ++				_gnutls_handshake_buffer_clear(hsk);
> ++				return 0;
> ++			}
> + 			exists = 1;
> + 			pos = i;
> + 			break;
> +-- 
> +2.35.6
> +
> diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p2.patch b/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p2.patch
> new file mode 100644
> index 0000000000..b26491840b
> --- /dev/null
> +++ b/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p2.patch
> @@ -0,0 +1,47 @@
> +From 23fdcec4c6b5669296295ad3a9f87f6467eeb0f3 Mon Sep 17 00:00:00 2001
> +From: Joshua Rogers <joshua@joshua.hu>
> +Date: Tue, 21 Apr 2026 18:11:39 +0200
> +Subject: [PATCH] buffers: fix handshake_compare when sequence numbers
> + match
> +
> +The comparator function used for ordering DTLS packets
> +by sequence numbers did not follow qsort comparator contracts
> +in case of packets with duplicate sequence numbers,
> +which could lead to unstable ordering or undefined behaviour.
> +Returning 0 in such cases makes the sorting stable.
> +
> +CVE: CVE-2026-42009
> +Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/f341441fad91142897d83b44a175ffc8f925b76f]
> +
> +Reported-by: Joshua Rogers of AISLE Research Team <joshua@joshua.hu>
> +Fixes: #1848
> +Fixes: CVE-2026-42009
> +Fixes: GNUTLS-SA-2026-04-29-2
> +CVSS: 7.5 High CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
> +Signed-off-by: Joshua Rogers <joshua@joshua.hu>
> +(cherry picked from commit f341441fad91142897d83b44a175ffc8f925b76f)
> +Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
> +---
> + lib/buffers.c | 6 +-----
> + 1 file changed, 1 insertion(+), 5 deletions(-)
> +
> +diff --git a/lib/buffers.c b/lib/buffers.c
> +index e7f08b5625..1ac27e4e96 100644
> +--- a/lib/buffers.c
> ++++ b/lib/buffers.c
> +@@ -844,11 +844,7 @@ static int handshake_compare(const void *_e1, const void *_e2)
> + {
> + 	const handshake_buffer_st *e1 = _e1;
> + 	const handshake_buffer_st *e2 = _e2;
> +-
> +-	if (e1->sequence <= e2->sequence)
> +-		return 1;
> +-	else
> +-		return -1;
> ++	return (e1->sequence < e2->sequence) - (e1->sequence > e2->sequence);
> + }
> + 
> + #define SSL2_HEADERS 1
> +-- 
> +2.35.6
> +
> diff --git a/meta/recipes-support/gnutls/gnutls_3.8.4.bb b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
> index 6d43c58df2..d27d2cfa74 100644
> --- a/meta/recipes-support/gnutls/gnutls_3.8.4.bb
> +++ b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
> @@ -43,6 +43,8 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
>             file://CVE-2025-14831-7.patch \
>             file://CVE-2025-14831-8.patch \
>             file://CVE-2025-14831-9.patch \
> +           file://CVE-2026-42009_p1.patch \
> +           file://CVE-2026-42009_p2.patch \
>             "
>  
>  SRC_URI[sha256sum] = "2bea4e154794f3f00180fa2a5c51fe8b005ac7a31cd58bd44cdfa7f36ebc3a9b"


-- 
Yoann Congal
Smile ECS



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832
  2026-06-22 14:58 ` [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832 Yoann Congal
@ 2026-07-06 17:26   ` Yoann Congal
  2026-07-09  5:08     ` [scarthgap][PATCH " Sudhir Dumbhare
  2026-07-10 10:19     ` Sudhir Dumbhare
  0 siblings, 2 replies; 7+ messages in thread
From: Yoann Congal @ 2026-07-06 17:26 UTC (permalink / raw)
  To: Yoann Congal, sudumbha, openembedded-core

On Mon Jun 22, 2026 at 4:58 PM CEST, Yoann Congal wrote:
> On Sat Jun 13, 2026 at 12:25 PM CEST, Sudhir Dumbhare via lists.openembedded.org wrote:
>> From: Sudhir Dumbhare <sudumbha@cisco.com>
>>
>> Analysis:
>>   - CVE-2026-3832 affects GnuTLS OCSP multi-record response handling.
>>   - The vulnerable OCSP response handling code was introduced in GnuTLS 3.8.8.
>>   - This vulnerable code is not present in the current GnuTLS 3.8.4.
>>   - Hence ignoring the CVE for this version.
>>
>> Reference:
>> https://nvd.nist.gov/vuln/detail/CVE-2026-3832
>> https://security-tracker.debian.org/tracker/CVE-2026-3832
>> https://gitlab.com/gnutls/gnutls/-/issues/1801
>>
>> Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
>> ---
>
> I think the CVE applies to wrynose. Can you send a fix there, and then,
> ping back here?

Hello,

Gentle ping for this series. Do you plan to send the needed wrynose
patches?

Regards,

>
> Thanks!
>
>>  meta/recipes-support/gnutls/gnutls_3.8.4.bb | 2 ++
>>  1 file changed, 2 insertions(+)
>>
>> diff --git a/meta/recipes-support/gnutls/gnutls_3.8.4.bb b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
>> index ccb6a2b4b2..6d43c58df2 100644
>> --- a/meta/recipes-support/gnutls/gnutls_3.8.4.bb
>> +++ b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
>> @@ -124,3 +124,5 @@ pkg_postinst_ontarget:${PN}-fips () {
>>          ${bindir}/fipshmac ${libdir}/libhogweed.so.6.* > ${libdir}/.libhogweed.so.6.hmac
>>      fi
>>  }
>> +
>> +CVE_STATUS[CVE-2026-3832] = "fixed-version: vulnerable multi-record OCSP response handling was introduced in 3.8.8 and is not present in 3.8.4"


-- 
Yoann Congal
Smile ECS



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832
  2026-07-06 17:26   ` Yoann Congal
@ 2026-07-09  5:08     ` Sudhir Dumbhare
  2026-07-10 10:19     ` Sudhir Dumbhare
  1 sibling, 0 replies; 7+ messages in thread
From: Sudhir Dumbhare @ 2026-07-09  5:08 UTC (permalink / raw)
  To: openembedded-core

[-- Attachment #1: Type: text/plain, Size: 173 bytes --]

Hi Yoann,
Thank you for the review and the gentle reminder.

currently working on this and will submit the wrynose patches for this series.

Thanks & Regards,
Sudhir

[-- Attachment #2: Type: text/html, Size: 212 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832
  2026-07-06 17:26   ` Yoann Congal
  2026-07-09  5:08     ` [scarthgap][PATCH " Sudhir Dumbhare
@ 2026-07-10 10:19     ` Sudhir Dumbhare
  1 sibling, 0 replies; 7+ messages in thread
From: Sudhir Dumbhare @ 2026-07-10 10:19 UTC (permalink / raw)
  To: openembedded-core

[-- Attachment #1: Type: text/plain, Size: 493 bytes --]

Hello Yoann,
Thank you for your review and for pointing this out.
Reference: https://lore.kernel.org/all/417029.1783573706225625480@lists.openembedded.org/

I have submitted the patch series for the wrynose branch here:
[wrynose][PATCH 1/2] gnutls: Fix CVE-2026-3832 ( https://lists.openembedded.org/g/openembedded-core/message/240625 )
[wrynose][PATCH 2/2] gnutls: Fix CVE-2026-42009 ( https://lists.openembedded.org/g/openembedded-core/message/240626 )

Thanks and Regards,
Sudhir

[-- Attachment #2: Type: text/html, Size: 5138 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2026-07-10 10:19 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-13 10:25 [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832 Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-06-13 10:25 ` [OE-core][scarthgap][PATCH 2/2] gnutls: fix CVE-2026-42009 Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-06-22 15:09   ` Yoann Congal
2026-06-22 14:58 ` [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832 Yoann Congal
2026-07-06 17:26   ` Yoann Congal
2026-07-09  5:08     ` [scarthgap][PATCH " Sudhir Dumbhare
2026-07-10 10:19     ` Sudhir Dumbhare

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox