diff mbox series

[scarthgap,1/2] gnutls: set status for CVE-2026-3832

Message ID 20260613102520.3703528-1-sudumbha@cisco.com
State New
Headers show
Series [scarthgap,1/2] gnutls: set status for CVE-2026-3832 | expand

Commit Message

Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco) June 13, 2026, 10:25 a.m. UTC 
From: Sudhir Dumbhare <sudumbha@cisco.com>

Analysis:
  - CVE-2026-3832 affects GnuTLS OCSP multi-record response handling.
  - The vulnerable OCSP response handling code was introduced in GnuTLS 3.8.8.
  - This vulnerable code is not present in the current GnuTLS 3.8.4.
  - Hence ignoring the CVE for this version.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2026-3832
https://security-tracker.debian.org/tracker/CVE-2026-3832
https://gitlab.com/gnutls/gnutls/-/issues/1801

Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
---
 meta/recipes-support/gnutls/gnutls_3.8.4.bb | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-support/gnutls/gnutls_3.8.4.bb b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
index ccb6a2b4b2..6d43c58df2 100644
--- a/meta/recipes-support/gnutls/gnutls_3.8.4.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
@@ -124,3 +124,5 @@  pkg_postinst_ontarget:${PN}-fips () {
         ${bindir}/fipshmac ${libdir}/libhogweed.so.6.* > ${libdir}/.libhogweed.so.6.hmac
     fi
 }
+
+CVE_STATUS[CVE-2026-3832] = "fixed-version: vulnerable multi-record OCSP response handling was introduced in 3.8.8 and is not present in 3.8.4"