Oh my, this is rather bad. Now I'm busy figuring out whether I use GnuTLS anywhere...
This bug was introduced in GnuTLS 3.6.4 and fixed in 3.6.14. The big issue: the damage is already done, installing the fix ASAP won't undo it. It's known that at least the NSA stores data of encrypted connections, in the hope of decrypting it later. And now they can, if GnuTLS was used.
In-depth description of the GnuTLS issues: https://blog.filippo.io/we-need-to-talk-about-session-tickets/
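An added check, not from the post above and not GnuTLS's own tooling, for the question the post raises: whether an installed GnuTLS falls in the version range it names, 3.6.4 (bug introduced) up to but not including 3.6.14 (bug fixed). It assumes `pkg-config` or `gnutls-cli` is available for the version lookup, and that the first line of `gnutls-cli --version` reads `gnutls-cli VERSION` (an assumption, so the parsing is kept loose).

```shell
#!/bin/sh
# Added example: classify an installed GnuTLS version against the range
# 3.6.4 <= version < 3.6.14 named in the post. Components are compared
# numerically, so 3.6.10 correctly sorts after 3.6.4 (a plain string
# comparison would get this wrong).

# version_key MAJOR.MINOR.PATCH -> single integer (major*1e6 + minor*1e3 + patch).
# A distro suffix such as "3.6.14-1ubuntu1" is stripped before splitting.
version_key() {
    v=${1%%[!0-9.]*}            # drop everything from the first non-digit/dot
    oldifs=$IFS; IFS=.; set -- $v; IFS=$oldifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# gnutls_affected VERSION -> exit 0 when VERSION is inside the affected range.
gnutls_affected() {
    k=$(version_key "$1")
    lo=$(version_key 3.6.4)     # first affected release
    hi=$(version_key 3.6.14)    # first fixed release
    if [ "$k" -ge "$lo" ] && [ "$k" -lt "$hi" ]; then
        return 0
    fi
    return 1
}

# installed_gnutls_version -> prints the library version found on this host,
# or nothing if neither lookup method is available.
installed_gnutls_version() {
    if command -v pkg-config >/dev/null 2>&1 && pkg-config --exists gnutls 2>/dev/null; then
        pkg-config --modversion gnutls
    elif command -v gnutls-cli >/dev/null 2>&1; then
        # Assumption: first line looks like "gnutls-cli 3.6.13".
        gnutls-cli --version 2>/dev/null | awk 'NR==1 { print $2; exit }'
    fi
}

ver=$(installed_gnutls_version)
if [ -z "$ver" ]; then
    echo "GnuTLS not found via pkg-config or gnutls-cli"
elif gnutls_affected "$ver"; then
    echo "GnuTLS $ver: inside affected range 3.6.4 <= v < 3.6.14; sessions established while this version was in use should be treated as exposed"
else
    echo "GnuTLS $ver: outside affected range"
fi
```

Run it on each host you suspect links against GnuTLS; a result inside the range is the case the post describes, where updating stops further exposure but does not protect already-recorded traffic.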