
Security update modifies (unofficial) ABI and hidden API

We could use some advice and help with the GnuTLS / libasn1 update
that would fix the vulnerabilities reported recently.

The fix for libasn1 adds arguments to exported functions.  However,
these functions are named _asn_* and should not be used outside of
this library.

Unfortunately GnuTLS is doing exactly this, using these functions.

Other packages "should" not be affected.

GnuTLS is also problematic as it seems to use both its internal copy
of libasn and is linked against the libasn package.

The officially supported ABI+API hasn't been changed by the security

We'll have to update libasn and GnuTLS at the same time anyway.

However, does the security update need to bump the soname as well?  If
so, is somebody willing to dig into its packaging and bump it?

What about GnuTLS?



Computers are not intelligent.  They only think they are.

Please always Cc to me when replying to me on the lists.
