Please test gnutls26 update
I prepared an update of gnutls26 for squeeze:
$ dget https://people.debian.org/~hertzog/packages/gnutls26_2.8.6-1+squeeze5_amd64.changes
This version seems to work for me. I was able to verify that CVE-2015-0294
is fixed with the test case at
For CVE-2015-0282, I used the patch of Red Hat and the test
but unfortunately, I don't get a hard failure with certtool, see
https://bugzilla.redhat.com/show_bug.cgi?id=1194371#c7 but it seems
to correctly detect that the certificate can't be verified... so I'm
tempted to believe that the patch is working correctly anyway.
I see the same behaviour with the updated gnutls26 in wheezy-security
(ccing Salvatore who prepared the wheezy update in case he has some
feedback on this problem).
For CVE-2014-8155, I have no test case.
Please test the packages and report back if you find any regressions.
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/