Bug#840191: jessie-pu: package gnutls28/3.3.8-6+deb8u4
Control: tags -1 + confirmed
On Sun, 2016-10-30 at 07:46 +0100, Andreas Metzler wrote:
> On 2016-10-09 Salvatore Bonaccorso <carnil@debian.org> wrote:
> [...]
> > Hi Stable Release Managers,
>
> > X-Debbugs-CC'ed Andreas Metzler.
>
> > gnutls28 in jessie is affected by CVE-2016-7444, GNUTLS-SA-2016-3,
> > having a flaw in the OCSP certificate check. This was fixed upstream
> > and included in unstable with 3.5.3-4 but would not warrant a DSA.
>
> > Attached is proposed debdiff for jessie. Would it be acceptable for an
> > upcoming point release?
> [...]
>
> I think it makes sense to add the GnuTLS patch for compatibitlity with
> CVE-2016-6489-patched nettle. (832983).
jessie's nettle doesn't appear to have been updated for that issue, but
I guess it still makes sense to include this for partial upgrades.
Please go ahead.
Regards,
Adam
Reply to: