* [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832
@ 2026-06-13 10:25 Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-06-13 10:25 ` [OE-core][scarthgap][PATCH 2/2] gnutls: fix CVE-2026-42009 Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-06-22 14:58 ` [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832 Yoann Congal
0 siblings, 2 replies; 7+ messages in thread
From: Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco) @ 2026-06-13 10:25 UTC (permalink / raw)
To: openembedded-core
From: Sudhir Dumbhare <sudumbha@cisco.com>
Analysis:
- CVE-2026-3832 affects GnuTLS OCSP multi-record response handling.
- The vulnerable OCSP response handling code was introduced in GnuTLS 3.8.8.
- This vulnerable code is not present in the current GnuTLS 3.8.4.
- Hence ignoring the CVE for this version.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2026-3832
https://security-tracker.debian.org/tracker/CVE-2026-3832
https://gitlab.com/gnutls/gnutls/-/issues/1801
Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
---
meta/recipes-support/gnutls/gnutls_3.8.4.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-support/gnutls/gnutls_3.8.4.bb b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
index ccb6a2b4b2..6d43c58df2 100644
--- a/meta/recipes-support/gnutls/gnutls_3.8.4.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
@@ -124,3 +124,5 @@ pkg_postinst_ontarget:${PN}-fips () {
${bindir}/fipshmac ${libdir}/libhogweed.so.6.* > ${libdir}/.libhogweed.so.6.hmac
fi
}
+
+CVE_STATUS[CVE-2026-3832] = "fixed-version: vulnerable multi-record OCSP response handling was introduced in 3.8.8 and is not present in 3.8.4"
--
2.35.6
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [OE-core][scarthgap][PATCH 2/2] gnutls: fix CVE-2026-42009
2026-06-13 10:25 [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832 Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
@ 2026-06-13 10:25 ` Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-06-22 15:09 ` Yoann Congal
2026-06-22 14:58 ` [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832 Yoann Congal
1 sibling, 1 reply; 7+ messages in thread
From: Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco) @ 2026-06-13 10:25 UTC (permalink / raw)
To: openembedded-core
From: Sudhir Dumbhare <sudumbha@cisco.com>
This patch applies the upstream fix [1] and [2], as referenced in [3],
to address a DTLS packet reordering flaw where duplicate sequence numbers
could lead to unstable ordering or undefined behavior.
[1] https://gitlab.com/gnutls/gnutls/-/commit/f01e21441e29052a6f0963840794c41d3b3ee66d
[2] https://gitlab.com/gnutls/gnutls/-/commit/f341441fad91142897d83b44a175ffc8f925b76f
[3] https://security-tracker.debian.org/tracker/CVE-2026-42009
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2026-42009
Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
---
.../gnutls/gnutls/CVE-2026-42009_p1.patch | 66 +++++++++++++++++++
.../gnutls/gnutls/CVE-2026-42009_p2.patch | 47 +++++++++++++
meta/recipes-support/gnutls/gnutls_3.8.4.bb | 2 +
3 files changed, 115 insertions(+)
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p1.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p2.patch
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p1.patch b/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p1.patch
new file mode 100644
index 0000000000..03214bab0e
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p1.patch
@@ -0,0 +1,66 @@
+From e1f366666c12f431151a04ada9cf9a30d602751b Mon Sep 17 00:00:00 2001
+From: Alexander Sosedkin <asosedkin@redhat.com>
+Date: Tue, 21 Apr 2026 16:52:48 +0200
+Subject: [PATCH] lib/buffers: ensure packets have differing sequence
+ numbers
+
+There should normally be no packets with same sequence number and
+differing handshake type, unless an adversary crafts them.
+Discarding them allows to get rid of packets
+with duplicate sequence ID in the buffer,
+relieving us from the question of how to sort them later.
+
+CVE: CVE-2026-42009
+Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/f01e21441e29052a6f0963840794c41d3b3ee66d]
+
+Backport Changes:
+- Adjusted the upstream hunk to match the GnuTLS 3.8.4 code layout.
+- The upstream commit uses the local recv_buf alias introduced later
+ in v3.8.13 by commit;
+ https://gitlab.com/gnutls/gnutls/-/commit/9deffca528c23bbb218f5ec3bd4bb1bf4cbd1fc0.
+- GnuTLS 3.8.4 does not have that local recv_buf alias in
+ merge_handshake_packet(), so the backport replaces recv_buf[i] with the
+ existing session->internals.handshake_recv_buffer[i] access pattern.
+
+Reported-by: Joshua Rogers of AISLE Research Team <joshua@joshua.hu>
+Fixes: #1848
+Fixes: CVE-2026-42009
+Fixes: GNUTLS-SA-2026-04-29-2
+CVSS: 7.5 High CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
+Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
+(cherry picked from commit f01e21441e29052a6f0963840794c41d3b3ee66d)
+Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
+---
+ lib/buffers.c | 16 ++++++++++++++--
+ 1 file changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/lib/buffers.c b/lib/buffers.c
+index 672380b054..e7f08b5625 100644
+--- a/lib/buffers.c
++++ b/lib/buffers.c
+@@ -968,8 +968,20 @@ static int merge_handshake_packet(gnutls_session_t session,
+ int ret;
+
+ for (i = 0; i < session->internals.handshake_recv_buffer_size; i++) {
+- if (session->internals.handshake_recv_buffer[i].htype ==
+- hsk->htype) {
++ if (session->internals.handshake_recv_buffer[i].sequence == hsk->sequence) {
++ if (session->internals.handshake_recv_buffer[i].htype != hsk->htype) {
++ _gnutls_audit_log(
++ session,
++ "Discarded unexpected handshake packet "
++ "with duplicate sequence %d, but "
++ "mismatched type %s (previously %s)\n",
++ hsk->sequence,
++ _gnutls_handshake2str(hsk->htype),
++ _gnutls_handshake2str(
++ session->internals.handshake_recv_buffer[i].htype));
++ _gnutls_handshake_buffer_clear(hsk);
++ return 0;
++ }
+ exists = 1;
+ pos = i;
+ break;
+--
+2.35.6
+
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p2.patch b/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p2.patch
new file mode 100644
index 0000000000..b26491840b
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p2.patch
@@ -0,0 +1,47 @@
+From 23fdcec4c6b5669296295ad3a9f87f6467eeb0f3 Mon Sep 17 00:00:00 2001
+From: Joshua Rogers <joshua@joshua.hu>
+Date: Tue, 21 Apr 2026 18:11:39 +0200
+Subject: [PATCH] buffers: fix handshake_compare when sequence numbers
+ match
+
+The comparator function used for ordering DTLS packets
+by sequence numbers did not follow qsort comparator contracts
+in case of packets with duplicate sequence numbers,
+which could lead to unstable ordering or undefined behaviour.
+Returning 0 in such cases makes the sorting stable.
+
+CVE: CVE-2026-42009
+Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/f341441fad91142897d83b44a175ffc8f925b76f]
+
+Reported-by: Joshua Rogers of AISLE Research Team <joshua@joshua.hu>
+Fixes: #1848
+Fixes: CVE-2026-42009
+Fixes: GNUTLS-SA-2026-04-29-2
+CVSS: 7.5 High CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
+Signed-off-by: Joshua Rogers <joshua@joshua.hu>
+(cherry picked from commit f341441fad91142897d83b44a175ffc8f925b76f)
+Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
+---
+ lib/buffers.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/lib/buffers.c b/lib/buffers.c
+index e7f08b5625..1ac27e4e96 100644
+--- a/lib/buffers.c
++++ b/lib/buffers.c
+@@ -844,11 +844,7 @@ static int handshake_compare(const void *_e1, const void *_e2)
+ {
+ const handshake_buffer_st *e1 = _e1;
+ const handshake_buffer_st *e2 = _e2;
+-
+- if (e1->sequence <= e2->sequence)
+- return 1;
+- else
+- return -1;
++ return (e1->sequence < e2->sequence) - (e1->sequence > e2->sequence);
+ }
+
+ #define SSL2_HEADERS 1
+--
+2.35.6
+
diff --git a/meta/recipes-support/gnutls/gnutls_3.8.4.bb b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
index 6d43c58df2..d27d2cfa74 100644
--- a/meta/recipes-support/gnutls/gnutls_3.8.4.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
@@ -43,6 +43,8 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
file://CVE-2025-14831-7.patch \
file://CVE-2025-14831-8.patch \
file://CVE-2025-14831-9.patch \
+ file://CVE-2026-42009_p1.patch \
+ file://CVE-2026-42009_p2.patch \
"
SRC_URI[sha256sum] = "2bea4e154794f3f00180fa2a5c51fe8b005ac7a31cd58bd44cdfa7f36ebc3a9b"
--
2.35.6
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832
2026-06-13 10:25 [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832 Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-06-13 10:25 ` [OE-core][scarthgap][PATCH 2/2] gnutls: fix CVE-2026-42009 Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
@ 2026-06-22 14:58 ` Yoann Congal
2026-07-06 17:26 ` Yoann Congal
1 sibling, 1 reply; 7+ messages in thread
From: Yoann Congal @ 2026-06-22 14:58 UTC (permalink / raw)
To: sudumbha, openembedded-core
On Sat Jun 13, 2026 at 12:25 PM CEST, Sudhir Dumbhare via lists.openembedded.org wrote:
> From: Sudhir Dumbhare <sudumbha@cisco.com>
>
> Analysis:
> - CVE-2026-3832 affects GnuTLS OCSP multi-record response handling.
> - The vulnerable OCSP response handling code was introduced in GnuTLS 3.8.8.
> - This vulnerable code is not present in the current GnuTLS 3.8.4.
> - Hence ignoring the CVE for this version.
>
> Reference:
> https://nvd.nist.gov/vuln/detail/CVE-2026-3832
> https://security-tracker.debian.org/tracker/CVE-2026-3832
> https://gitlab.com/gnutls/gnutls/-/issues/1801
>
> Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
> ---
I think the CVE applies to wrynose. Can you send a fix there, and then,
ping back here?
Thanks!
> meta/recipes-support/gnutls/gnutls_3.8.4.bb | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/meta/recipes-support/gnutls/gnutls_3.8.4.bb b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
> index ccb6a2b4b2..6d43c58df2 100644
> --- a/meta/recipes-support/gnutls/gnutls_3.8.4.bb
> +++ b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
> @@ -124,3 +124,5 @@ pkg_postinst_ontarget:${PN}-fips () {
> ${bindir}/fipshmac ${libdir}/libhogweed.so.6.* > ${libdir}/.libhogweed.so.6.hmac
> fi
> }
> +
> +CVE_STATUS[CVE-2026-3832] = "fixed-version: vulnerable multi-record OCSP response handling was introduced in 3.8.8 and is not present in 3.8.4"
--
Yoann Congal
Smile ECS
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [OE-core][scarthgap][PATCH 2/2] gnutls: fix CVE-2026-42009
2026-06-13 10:25 ` [OE-core][scarthgap][PATCH 2/2] gnutls: fix CVE-2026-42009 Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
@ 2026-06-22 15:09 ` Yoann Congal
0 siblings, 0 replies; 7+ messages in thread
From: Yoann Congal @ 2026-06-22 15:09 UTC (permalink / raw)
To: sudumbha, openembedded-core
On Sat Jun 13, 2026 at 12:25 PM CEST, Sudhir Dumbhare via lists.openembedded.org wrote:
> From: Sudhir Dumbhare <sudumbha@cisco.com>
>
> This patch applies the upstream fix [1] and [2], as referenced in [3],
> to address a DTLS packet reordering flaw where duplicate sequence numbers
> could lead to unstable ordering or undefined behavior.
>
> [1] https://gitlab.com/gnutls/gnutls/-/commit/f01e21441e29052a6f0963840794c41d3b3ee66d
> [2] https://gitlab.com/gnutls/gnutls/-/commit/f341441fad91142897d83b44a175ffc8f925b76f
> [3] https://security-tracker.debian.org/tracker/CVE-2026-42009
>
> Reference:
> https://nvd.nist.gov/vuln/detail/CVE-2026-42009
>
> Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
> ---
Same as patch 1/2: please send a patch for wrynose.
Regards,
> .../gnutls/gnutls/CVE-2026-42009_p1.patch | 66 +++++++++++++++++++
> .../gnutls/gnutls/CVE-2026-42009_p2.patch | 47 +++++++++++++
> meta/recipes-support/gnutls/gnutls_3.8.4.bb | 2 +
> 3 files changed, 115 insertions(+)
> create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p1.patch
> create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p2.patch
>
> diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p1.patch b/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p1.patch
> new file mode 100644
> index 0000000000..03214bab0e
> --- /dev/null
> +++ b/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p1.patch
> @@ -0,0 +1,66 @@
> +From e1f366666c12f431151a04ada9cf9a30d602751b Mon Sep 17 00:00:00 2001
> +From: Alexander Sosedkin <asosedkin@redhat.com>
> +Date: Tue, 21 Apr 2026 16:52:48 +0200
> +Subject: [PATCH] lib/buffers: ensure packets have differing sequence
> + numbers
> +
> +There should normally be no packets with same sequence number and
> +differing handshake type, unless an adversary crafts them.
> +Discarding them allows to get rid of packets
> +with duplicate sequence ID in the buffer,
> +relieving us from the question of how to sort them later.
> +
> +CVE: CVE-2026-42009
> +Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/f01e21441e29052a6f0963840794c41d3b3ee66d]
> +
> +Backport Changes:
> +- Adjusted the upstream hunk to match the GnuTLS 3.8.4 code layout.
> +- The upstream commit uses the local recv_buf alias introduced later
> + in v3.8.13 by commit;
> + https://gitlab.com/gnutls/gnutls/-/commit/9deffca528c23bbb218f5ec3bd4bb1bf4cbd1fc0.
> +- GnuTLS 3.8.4 does not have that local recv_buf alias in
> + merge_handshake_packet(), so the backport replaces recv_buf[i] with the
> + existing session->internals.handshake_recv_buffer[i] access pattern.
> +
> +Reported-by: Joshua Rogers of AISLE Research Team <joshua@joshua.hu>
> +Fixes: #1848
> +Fixes: CVE-2026-42009
> +Fixes: GNUTLS-SA-2026-04-29-2
> +CVSS: 7.5 High CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
> +Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
> +(cherry picked from commit f01e21441e29052a6f0963840794c41d3b3ee66d)
> +Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
> +---
> + lib/buffers.c | 16 ++++++++++++++--
> + 1 file changed, 14 insertions(+), 2 deletions(-)
> +
> +diff --git a/lib/buffers.c b/lib/buffers.c
> +index 672380b054..e7f08b5625 100644
> +--- a/lib/buffers.c
> ++++ b/lib/buffers.c
> +@@ -968,8 +968,20 @@ static int merge_handshake_packet(gnutls_session_t session,
> + int ret;
> +
> + for (i = 0; i < session->internals.handshake_recv_buffer_size; i++) {
> +- if (session->internals.handshake_recv_buffer[i].htype ==
> +- hsk->htype) {
> ++ if (session->internals.handshake_recv_buffer[i].sequence == hsk->sequence) {
> ++ if (session->internals.handshake_recv_buffer[i].htype != hsk->htype) {
> ++ _gnutls_audit_log(
> ++ session,
> ++ "Discarded unexpected handshake packet "
> ++ "with duplicate sequence %d, but "
> ++ "mismatched type %s (previously %s)\n",
> ++ hsk->sequence,
> ++ _gnutls_handshake2str(hsk->htype),
> ++ _gnutls_handshake2str(
> ++ session->internals.handshake_recv_buffer[i].htype));
> ++ _gnutls_handshake_buffer_clear(hsk);
> ++ return 0;
> ++ }
> + exists = 1;
> + pos = i;
> + break;
> +--
> +2.35.6
> +
> diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p2.patch b/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p2.patch
> new file mode 100644
> index 0000000000..b26491840b
> --- /dev/null
> +++ b/meta/recipes-support/gnutls/gnutls/CVE-2026-42009_p2.patch
> @@ -0,0 +1,47 @@
> +From 23fdcec4c6b5669296295ad3a9f87f6467eeb0f3 Mon Sep 17 00:00:00 2001
> +From: Joshua Rogers <joshua@joshua.hu>
> +Date: Tue, 21 Apr 2026 18:11:39 +0200
> +Subject: [PATCH] buffers: fix handshake_compare when sequence numbers
> + match
> +
> +The comparator function used for ordering DTLS packets
> +by sequence numbers did not follow qsort comparator contracts
> +in case of packets with duplicate sequence numbers,
> +which could lead to unstable ordering or undefined behaviour.
> +Returning 0 in such cases makes the sorting stable.
> +
> +CVE: CVE-2026-42009
> +Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/f341441fad91142897d83b44a175ffc8f925b76f]
> +
> +Reported-by: Joshua Rogers of AISLE Research Team <joshua@joshua.hu>
> +Fixes: #1848
> +Fixes: CVE-2026-42009
> +Fixes: GNUTLS-SA-2026-04-29-2
> +CVSS: 7.5 High CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
> +Signed-off-by: Joshua Rogers <joshua@joshua.hu>
> +(cherry picked from commit f341441fad91142897d83b44a175ffc8f925b76f)
> +Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
> +---
> + lib/buffers.c | 6 +-----
> + 1 file changed, 1 insertion(+), 5 deletions(-)
> +
> +diff --git a/lib/buffers.c b/lib/buffers.c
> +index e7f08b5625..1ac27e4e96 100644
> +--- a/lib/buffers.c
> ++++ b/lib/buffers.c
> +@@ -844,11 +844,7 @@ static int handshake_compare(const void *_e1, const void *_e2)
> + {
> + const handshake_buffer_st *e1 = _e1;
> + const handshake_buffer_st *e2 = _e2;
> +-
> +- if (e1->sequence <= e2->sequence)
> +- return 1;
> +- else
> +- return -1;
> ++ return (e1->sequence < e2->sequence) - (e1->sequence > e2->sequence);
> + }
> +
> + #define SSL2_HEADERS 1
> +--
> +2.35.6
> +
> diff --git a/meta/recipes-support/gnutls/gnutls_3.8.4.bb b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
> index 6d43c58df2..d27d2cfa74 100644
> --- a/meta/recipes-support/gnutls/gnutls_3.8.4.bb
> +++ b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
> @@ -43,6 +43,8 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
> file://CVE-2025-14831-7.patch \
> file://CVE-2025-14831-8.patch \
> file://CVE-2025-14831-9.patch \
> + file://CVE-2026-42009_p1.patch \
> + file://CVE-2026-42009_p2.patch \
> "
>
> SRC_URI[sha256sum] = "2bea4e154794f3f00180fa2a5c51fe8b005ac7a31cd58bd44cdfa7f36ebc3a9b"
--
Yoann Congal
Smile ECS
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832
2026-06-22 14:58 ` [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832 Yoann Congal
@ 2026-07-06 17:26 ` Yoann Congal
2026-07-09 5:08 ` [scarthgap][PATCH " Sudhir Dumbhare
2026-07-10 10:19 ` Sudhir Dumbhare
0 siblings, 2 replies; 7+ messages in thread
From: Yoann Congal @ 2026-07-06 17:26 UTC (permalink / raw)
To: Yoann Congal, sudumbha, openembedded-core
On Mon Jun 22, 2026 at 4:58 PM CEST, Yoann Congal wrote:
> On Sat Jun 13, 2026 at 12:25 PM CEST, Sudhir Dumbhare via lists.openembedded.org wrote:
>> From: Sudhir Dumbhare <sudumbha@cisco.com>
>>
>> Analysis:
>> - CVE-2026-3832 affects GnuTLS OCSP multi-record response handling.
>> - The vulnerable OCSP response handling code was introduced in GnuTLS 3.8.8.
>> - This vulnerable code is not present in the current GnuTLS 3.8.4.
>> - Hence ignoring the CVE for this version.
>>
>> Reference:
>> https://nvd.nist.gov/vuln/detail/CVE-2026-3832
>> https://security-tracker.debian.org/tracker/CVE-2026-3832
>> https://gitlab.com/gnutls/gnutls/-/issues/1801
>>
>> Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
>> ---
>
> I think the CVE applies to wrynose. Can you send a fix there, and then,
> ping back here?
Hello,
Gentle ping for this series. Do you plan to send the needed wrynose
patches?
Regards,
>
> Thanks!
>
>> meta/recipes-support/gnutls/gnutls_3.8.4.bb | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/meta/recipes-support/gnutls/gnutls_3.8.4.bb b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
>> index ccb6a2b4b2..6d43c58df2 100644
>> --- a/meta/recipes-support/gnutls/gnutls_3.8.4.bb
>> +++ b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
>> @@ -124,3 +124,5 @@ pkg_postinst_ontarget:${PN}-fips () {
>> ${bindir}/fipshmac ${libdir}/libhogweed.so.6.* > ${libdir}/.libhogweed.so.6.hmac
>> fi
>> }
>> +
>> +CVE_STATUS[CVE-2026-3832] = "fixed-version: vulnerable multi-record OCSP response handling was introduced in 3.8.8 and is not present in 3.8.4"
--
Yoann Congal
Smile ECS
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832
2026-07-06 17:26 ` Yoann Congal
@ 2026-07-09 5:08 ` Sudhir Dumbhare
2026-07-10 10:19 ` Sudhir Dumbhare
1 sibling, 0 replies; 7+ messages in thread
From: Sudhir Dumbhare @ 2026-07-09 5:08 UTC (permalink / raw)
To: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 173 bytes --]
Hi Yoann,
Thank you for the review and the gentle reminder.
currently working on this and will submit the wrynose patches for this series.
Thanks & Regards,
Sudhir
[-- Attachment #2: Type: text/html, Size: 212 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832
2026-07-06 17:26 ` Yoann Congal
2026-07-09 5:08 ` [scarthgap][PATCH " Sudhir Dumbhare
@ 2026-07-10 10:19 ` Sudhir Dumbhare
1 sibling, 0 replies; 7+ messages in thread
From: Sudhir Dumbhare @ 2026-07-10 10:19 UTC (permalink / raw)
To: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 493 bytes --]
Hello Yoann,
Thank you for your review and for pointing this out.
Reference: https://lore.kernel.org/all/417029.1783573706225625480@lists.openembedded.org/
I have submitted the patch series for the wrynose branch here:
[wrynose][PATCH 1/2] gnutls: Fix CVE-2026-3832 ( https://lists.openembedded.org/g/openembedded-core/message/240625 )
[wrynose][PATCH 2/2] gnutls: Fix CVE-2026-42009 ( https://lists.openembedded.org/g/openembedded-core/message/240626 )
Thanks and Regards,
Sudhir
[-- Attachment #2: Type: text/html, Size: 5138 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2026-07-10 10:19 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-13 10:25 [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832 Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-06-13 10:25 ` [OE-core][scarthgap][PATCH 2/2] gnutls: fix CVE-2026-42009 Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-06-22 15:09 ` Yoann Congal
2026-06-22 14:58 ` [OE-core][scarthgap][PATCH 1/2] gnutls: set status for CVE-2026-3832 Yoann Congal
2026-07-06 17:26 ` Yoann Congal
2026-07-09 5:08 ` [scarthgap][PATCH " Sudhir Dumbhare
2026-07-10 10:19 ` Sudhir Dumbhare
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox