[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

nasty libgnutls11 bug still present (affects exim4 and libnss-ldap)


the nasty libgnutls11 bug described at


is still present in the newest Sarge version 1.0.16-13.2 just released
with Sarge 3.1r2, but the bug report is still closed. Already in
January, I wrote an e-mail to the bug report to reopen the bug or
(even better) to fix it for the next Sarge update, since this bug
renders the package essentially unusable for production environments
(e.g. exim4 connecting to LDAP over SSL, or libnss-ldap, see bug report).

I didn't get any response yet, nor has been any activity there to fix
the bug AFAIKS. Could someone please have a look at it. I doubt that
we are the only ones using exim4 with LDAP connections on a server
running Sarge.

The fix is contained in the 3rd mail to the bug report together with
some additional links where the problem is technically discussed. The
patch is simple (affects approx. 10 lines of code in one file) and it
still applies cleanly to 1.0.16-13.2.

At the very least, could you please reopen bug #325971 so that people
can find out what's wrong with their server.

best regards,


(There was a package in October 2005 in proposed-updates
(1.0.16-13.1sarge1) containing the fix, but it disappeared with the
sarge update 3.1r1 since there were additional changes in it rejected
by the release team.)

Daniel Hermann,      Institut fuer Theoretische Festkoerperphysik
Universitaet Karlsruhe                  Tel: ++49 (0)721 608-7328
Postfach 6980                           Fax: ++49 (0)721 608-7779
76128 Karlsruhe, Germany

Reply to: