[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#840191: jessie-pu: package gnutls28/3.3.8-6+deb8u4

Control: tags -1 + confirmed

On Sun, 2016-10-30 at 07:46 +0100, Andreas Metzler wrote:
> On 2016-10-09 Salvatore Bonaccorso <carnil@debian.org> wrote:
> [...]
> > Hi Stable Release Managers,
> 
> > X-Debbugs-CC'ed Andreas Metzler.
> 
> > gnutls28 in jessie is affected by CVE-2016-7444, GNUTLS-SA-2016-3,
> > having a flaw in the OCSP certificate check. This was fixed upstream
> > and included in unstable with 3.5.3-4 but would not warrant a DSA.
> 
> > Attached is proposed debdiff for jessie. Would it be acceptable for an
> > upcoming point release?
> [...]
> 
> I think it makes sense to  add the GnuTLS patch for compatibitlity with
> CVE-2016-6489-patched nettle. (832983).

jessie's nettle doesn't appear to have been updated for that issue, but
I guess it still makes sense to include this for partial upgrades.

Please go ahead.

Regards,

Adam
Reply to: