Security update modifies (inofficial) ABI and hidden API

To: Debian Development <debian-devel@lists.debian.org>
Subject: Security update modifies (inofficial) ABI and hidden API
From: Martin Schulze <joey@infodrom.org>
Date: Sat, 11 Feb 2006 21:02:37 +0100
Message-id: <[🔎] 20060211200236.GM21840@finlandia.infodrom.north.de>

We could use some advice and help with the GnuTLS / libasn1 update
that would fix the vulnerabilities reported recently.

The fix for libasn1 adds arguments to exported function.  However,
these functions are named _asn_* and should not be used outside of
this library.

Unfortunately GnuTLS is doing exactly this, using these functions.

Other packages "should" not be affected.

GnuTLS is also problematic as it seems to use both its internal copy
of libasn and is linked about the libasn package.


The officially supported ABI+API hasn't been changed by the security
update.


We'll have to update libasn and GnuTLS at the same time anyway.

However, does the security update need to bump the soname as well?  If
so, is somebody willing to dig into its packaging and bump it?

What about GnuTLS?

Regards,

	Joey

-- 
Computers are not intelligent.  They only think they are.

Please always Cc to me when replying to me on the lists.

Reply to:

Follow-Ups:
- Re: Security update modifies (inofficial) ABI and hidden API
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Re: Provides: scheme-interpreter
Next by Date: Re: Provides: scheme-interpreter
Previous by thread: Re: Provides: scheme-interpreter
Next by thread: Re: Security update modifies (inofficial) ABI and hidden API
Index(es):
- Date
- Thread