Fedora has issued an advisory on July 31: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5NRKG3OBVPVFJTDYYF6SZH5KZIWFLVPW/ The issue is fixed upstream in 3.7.7: https://www.gnutls.org/security-new.html#GNUTLS-SA-2022-07-07
Assigning to the base system maintainers (there is no registered maintainer for this package).
CC: (none) => marja11Assignee: bugsquad => basesystem
Ubuntu has issued an advisory for this on August 4: https://ubuntu.com/security/notices/USN-5550-1
Debian has issued an advisory for this on August 8: https://www.debian.org/security/2022/dsa-5203
SUSE has issued an advisory for this today (August 17): https://lists.suse.com/pipermail/sle-security-updates/2022-August/011930.html
Suggested advisory: ======================== The updated packages fix a security vulnerability: A double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. (CVE-2022-2509) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2509 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5NRKG3OBVPVFJTDYYF6SZH5KZIWFLVPW/ https://www.gnutls.org/security-new.html#GNUTLS-SA-2022-07-07 https://ubuntu.com/security/notices/USN-5550-1 https://www.debian.org/security/2022/dsa-5203 https://lists.suse.com/pipermail/sle-security-updates/2022-August/011930.html ======================== Updated packages in core/updates_testing: ======================== gnutls-3.6.15-3.3.mga8 lib(64)gnutls30-3.6.15-3.3.mga8 lib(64)gnutlsxx28-3.6.15-3.3.mga8 lib(64)gnutls-devel-3.6.15-3.3.mga8 from SRPM: gnutls-3.6.15-3.3.mga8.src.rpm
CVE: (none) => CVE-2022-2509CC: (none) => nicolas.salgueroAssignee: basesystem => qa-bugsStatus: NEW => ASSIGNED
No regressions noticed or reported. Validating.
CC: (none) => davidwhodgins, sysadmin-bugsKeywords: (none) => validated_updateWhiteboard: (none) => MGA8-64-OK
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0301.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED