[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Please test gnutls26 update


I prepared an update of gnutls26 for squeeze:
$ dget https://people.debian.org/~hertzog/packages/gnutls26_2.8.6-1+squeeze5_amd64.changes

This version seems to work for me. I was able to verify that CVE-2015-0294
is fixed with the test case at

For CVE-2015-0282, I used the patch of Red Hat and the test
case at
but unfortunately, I don't get a hard failure with certtool, see
https://bugzilla.redhat.com/show_bug.cgi?id=1194371#c7 but it seems
to correctly detect that the certificate can't be verified... so I'm
tempted to believe that the patch is working correctly anyway.
I see the same behaviour with the updated gnutls26 in wheezy-security
(ccing Salvatore who prepared the wheezy update in case he has some
feedback on this problem).

For CVE-2014-8155, I have no test case. 

Please test the packages and report back if you find any regressions.

Thank you!
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Reply to: