Re: Gnutls and secure renegotiation / CVE-2009-3555 / RFC 5746

To: Stefan Fritsch <sf@sfritsch.de>
Cc: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>, team@security.debian.org, debian-release@lists.debian.org
Subject: Re: Gnutls and secure renegotiation / CVE-2009-3555 / RFC 5746
From: Julien Cristau <jcristau@debian.org>
Date: Sat, 18 Dec 2010 15:13:46 +0100
Message-id: <[🔎] 20101218141346.GJ5063@radis.liafa.jussieu.fr>
In-reply-to: <[🔎] 201012080907.30957.sf@sfritsch.de>
References: <201012052107.36440.sf@sfritsch.de> <[🔎] 201012062305.01275.sf@sfritsch.de> <[🔎] 87tyiqype8.fsf@latte.josefsson.org> <[🔎] 201012080907.30957.sf@sfritsch.de>

On Wed, Dec  8, 2010 at 09:07:30 +0100, Stefan Fritsch wrote:

> OK. I think the best way forward is this:
> 
> - We will not include gnutls in the first round of RFC5746-DSAs for 
> Lenny, which I hope to release before Christmas.
> - gnutls in squeeze will be updated by backport to 2.8.6 rather than 
> by upgrading to 2.10. This will happen as soon as someone has the time 
> to do the testing. IMHO, this can also be done in a DSA or point 
> release and should not delay squeeze's release.
> - When the backport+testing for 2.8.6 is done, we can decide about 
> what to do with 2.4.2 in Lenny.
> 
Thanks for the summary.

Cheers,
Julien

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Re: Gnutls and secure renegotiation / CVE-2009-3555 / RFC 5746
  - From: Stefan Fritsch <sf@sfritsch.de>
- Re: Gnutls and secure renegotiation / CVE-2009-3555 / RFC 5746
  - From: Simon Josefsson <simon@josefsson.org>
- Re: Gnutls and secure renegotiation / CVE-2009-3555 / RFC 5746
  - From: Stefan Fritsch <sf@sfritsch.de>

Prev by Date: Bug#599534: marked as done (unblock: python-distutils-extra 2.22-2)
Next by Date: Bug#606129: unblock: tla/1.3.5+dfsg-16
Previous by thread: Re: Gnutls and secure renegotiation / CVE-2009-3555 / RFC 5746
Next by thread: Bug#606164: unblock: tftp-hpa/5.0-18
Index(es):
- Date
- Thread