Security update modifies (inofficial) ABI and hidden API
We could use some advice and help with the GnuTLS / libasn1 update
that would fix the vulnerabilities reported recently.
The fix for libasn1 adds arguments to exported function. However,
these functions are named _asn_* and should not be used outside of
Unfortunately GnuTLS is doing exactly this, using these functions.
Other packages "should" not be affected.
GnuTLS is also problematic as it seems to use both its internal copy
of libasn and is linked about the libasn package.
The officially supported ABI+API hasn't been changed by the security
We'll have to update libasn and GnuTLS at the same time anyway.
However, does the security update need to bump the soname as well? If
so, is somebody willing to dig into its packaging and bump it?
What about GnuTLS?
Computers are not intelligent. They only think they are.
Please always Cc to me when replying to me on the lists.