Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more

Jamie Strandboge jamie at canonical.com
Fri Dec 5 14:13:04 UTC 2008


Hi,

At Ubuntu, we encountered this bug after performing a security update,
which includes the patch from 2.6.1 and 2.6.2. These upstream patches
are also what are in sid's 2.4.2-3. This affects more than just Verisign,
and seems the cause is when the last certificate in the chain is a
self-signed CA. Upstream's 2.6.2 is also affected.

See https://bugs.launchpad.net/debian/+source/gnutls26/+bug/305264/
for some more information.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506853 may also be
related.

This is also being discussed upstream in:
http://lists.gnu.org/archive/html/gnutls-devel/2008-12/msg00006.html

Thanks






More information about the Pkg-gnutls-maint mailing list