Bug#964435: buster-pu: package glib-networking/2.58.0-2+deb10u1

To: Emilio Pozuelo Monfort <pochu@debian.org>, 964435@bugs.debian.org, Simon McVittie <smcv@debian.org>, Daniel Kahn Gillmor <dkg@debian.org>
Subject: Bug#964435: buster-pu: package glib-networking/2.58.0-2+deb10u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 11 Jul 2020 13:49:12 +0100
Message-id: <[🔎] 456c8a756f6b6ae3540d6e8fb8eb724277231179.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 964435@bugs.debian.org
In-reply-to: <[🔎] d8b68f45-fa65-4113-7e5f-d6cc15725cdf@debian.org>
References: <[🔎] 20200707090439.GA388733@espresso.pseudorandom.co.uk> <[🔎] bdd16b25-e37f-34cd-22d2-7542ae6b0ac8@debian.org> <[🔎] 20200707151438.GA422944@espresso.pseudorandom.co.uk> <[🔎] 20200707090439.GA388733@espresso.pseudorandom.co.uk> <[🔎] d8b68f45-fa65-4113-7e5f-d6cc15725cdf@debian.org> <[🔎] 20200707090439.GA388733@espresso.pseudorandom.co.uk>

On Sat, 2020-07-11 at 13:54 +0200, Emilio Pozuelo Monfort wrote:
> On 07/07/2020 17:14, Simon McVittie wrote:
> > Control: tags -1 + moreinfo
> > 
> > On Tue, 07 Jul 2020 at 16:50:36 +0200, Emilio Pozuelo Monfort
> > wrote:
> > > On 07/07/2020 11:04, Simon McVittie wrote:
> > > > The only application that was believed to be vulnerable to this
> > > > in practice is balsa, which only became vulnerable in post-
> > > > buster versions; older versions such as the one in buster
> > > > implemented their own TLS.
[...]
> > If balsa in buster is affected by this, then we'll need to hold off
> > on doing this stable-update until a matching version of balsa is
> > ready, like I originally suspected was going to be necessary.
[...]
> I have verified that balsa needed a fix, and uploaded it to buster-
> pu, see #964860.
> 
> Should we add a breaks to glib-networking?

That seems like a good idea, given that we know the new glib-networking 
+ old balsa combination won't work.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#964435: buster-pu: package glib-networking/2.58.0-2+deb10u1
  - From: Emilio Pozuelo Monfort <pochu@debian.org>

References:
- Bug#964435: buster-pu: package glib-networking/2.58.0-2+deb10u1
  - From: Simon McVittie <smcv@debian.org>
- Bug#964435: buster-pu: package glib-networking/2.58.0-2+deb10u1
  - From: Emilio Pozuelo Monfort <pochu@debian.org>
- Bug#964435: buster-pu: package glib-networking/2.58.0-2+deb10u1
  - From: Simon McVittie <smcv@debian.org>
- Bug#964435: buster-pu: package glib-networking/2.58.0-2+deb10u1
  - From: Emilio Pozuelo Monfort <pochu@debian.org>

Prev by Date: Bug#962068: stretch-pu: package dbus/1.10.30-0+deb9u1
Next by Date: Bug#964435: buster-pu: package glib-networking/2.58.0-2+deb10u1
Previous by thread: Bug#964435: buster-pu: package glib-networking/2.58.0-2+deb10u1
Next by thread: Bug#964435: buster-pu: package glib-networking/2.58.0-2+deb10u1
Index(es):
- Date
- Thread