Bug#964435: buster-pu: package glib-networking/2.58.0-2+deb10u1
On Sat, 2020-07-11 at 13:54 +0200, Emilio Pozuelo Monfort wrote:
> On 07/07/2020 17:14, Simon McVittie wrote:
> > Control: tags -1 + moreinfo
> >
> > On Tue, 07 Jul 2020 at 16:50:36 +0200, Emilio Pozuelo Monfort
> > wrote:
> > > On 07/07/2020 11:04, Simon McVittie wrote:
> > > > The only application that was believed to be vulnerable to this
> > > > in practice is balsa, which only became vulnerable in post-
> > > > buster versions; older versions such as the one in buster
> > > > implemented their own TLS.
[...]
> > If balsa in buster is affected by this, then we'll need to hold off
> > on doing this stable-update until a matching version of balsa is
> > ready, like I originally suspected was going to be necessary.
[...]
> I have verified that balsa needed a fix, and uploaded it to buster-
> pu, see #964860.
>
> Should we add a breaks to glib-networking?
That seems like a good idea, given that we know the new glib-networking
+ old balsa combination won't work.
Regards,
Adam
Reply to: