{"affected":[{"ecosystem_specific":{"binaries":[{"gnutls":"3.6.7-lp151.2.18.1","gnutls-guile":"3.6.7-lp151.2.18.1","libgnutls-dane-devel":"3.6.7-lp151.2.18.1","libgnutls-dane0":"3.6.7-lp151.2.18.1","libgnutls-devel":"3.6.7-lp151.2.18.1","libgnutls-devel-32bit":"3.6.7-lp151.2.18.1","libgnutls30":"3.6.7-lp151.2.18.1","libgnutls30-32bit":"3.6.7-lp151.2.18.1","libgnutls30-hmac":"3.6.7-lp151.2.18.1","libgnutls30-hmac-32bit":"3.6.7-lp151.2.18.1","libgnutlsxx-devel":"3.6.7-lp151.2.18.1","libgnutlsxx28":"3.6.7-lp151.2.18.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"gnutls","purl":"pkg:rpm/opensuse/gnutls&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.6.7-lp151.2.18.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for gnutls fixes the following issues:\n\n- CVE-2020-13777: Fixed an insecure session ticket key construction which could \n  have made the TLS server to not bind the session ticket encryption key with a\n  value supplied by the application until the initial key rotation, allowing\n  an attacker to bypass authentication in TLS 1.3 and recover previous\n  conversations in TLS 1.2 (bsc#1172506).\n- Fixed an  improper handling of certificate chain with cross-signed intermediate\n  CA certificates (bsc#1172461).\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2020:0790-1","modified":"2020-06-10T17:41:13Z","published":"2020-06-10T17:41:13Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7AWWZAFHM4X4VDC2SELE3F2YGHU6D3KT/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1172461"},{"type":"REPORT","url":"https://bugzilla.suse.com/1172506"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-13777"}],"related":["CVE-2020-13777"],"summary":"Security update for gnutls","upstream":["CVE-2020-13777"]}