From: Alexander Sosedkin <asosedkin@redhat.com>
Date: Wed, 29 Apr 2026 10:20:20 +0000 (+0200)
Subject: NEWS: add an entry for #1808
X-Git-Tag: 3.8.13^2~26
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=50aa07bf2a0578e589bc25ae93ebc9470e46613e;p=thirdparty%2Fgnutls.git

NEWS: add an entry for #1808

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
---

diff --git a/NEWS b/NEWS
index 15957c9e1c..3914eaaa35 100644
--- a/NEWS
+++ b/NEWS
@@ -114,6 +114,11 @@ See the end for copying conditions.
    Reported by Doria Tang of Stony Brook University.
    [GNUTLS-SA-2026-04-29-13, CVSS: low] [CVE-2026-5419]
 
+** libgnutls: Fix PSK username comparison during rehandshake
+   Rehandshaking to a username with embedded NUL character could theoretically
+   allow bypassing the GNUTLS_ALLOW_ID_CHANGE protection (#1808).
+   Reported and fixed by Joshua Rogers of AISLE Research Team.
+
 ** build: Support building with Nettle 4.0
    Nettle 4.0 was released in Feburary 2026, with API incompatibile
    changes from 3.10. The library can now compile with it, while