gnutls28 (3.6.7-3) unstable; urgency=medium . * Revert debhelper upgrade, use DH 10. gnutls28 (3.6.7-2) unstable; urgency=medium . * Upload to unstable. gnutls28 (3.6.7-1) experimental; urgency=medium . * New upstream version. + Update AUTHOR list in copyright file. + Update symbol file. + Fixes issue preventing sending and receiving from different threads when false start was enabled. Closes: #922879 + gnutls-cli: fix --benchmark-ciphers type overflow. Closes: #920477 + Fixes a memory corruption (double free) vulnerability in the certificate verification API. https://gitlab.com/gnutls/gnutls/issues/694 CVE-2019-3829 GNUTLS-SA-2019-03-27 + Fixes an invalid pointer access via malformed TLS1.3 async messages; https://gitlab.com/gnutls/gnutls/issues/704 CVE-2019-3836 GNUTLS-SA-2019-03-27 gnutls28 (3.6.6-3) unstable; urgency=low . * Add @ to autopkgtest's Depends. * Use DH 11 compat. libsass (3.5.5-4) unstable; urgency=high . * Add patches cherry-picked upstream to fix buffer-overflow and null pointer dereference. CVE-2018-19839 CVE-2018-20190. * Set urgency=high due to security bugfixes. libsass (3.5.5-3) unstable; urgency=high . * Add patches cherry-picked upstream to fix heap-buffer-overflow and heap-use-after-free security bugs. Thanks to Xavier Guimard. Closes: Bug#900182. CVE-2018-11499 CVE-2018-19827 CVE-2019-6283 CVE-2019-6284 CVE-2019-6286. * Set urgency=high due to security bugfixes. libzorpll (7.0.1.0~alpha1-1.1) unstable; urgency=medium . * Non-maintainer upload. * Apply patch from Andreas Beckmann to add "Breaks" on libzorpll-6.0-10-dev and libssl1.0-dev for smoother upgrades from stretch. This resulted from the switch from libssl1.0-dev to libssl-dev. (Closes: #928883)