Please consider gnutls26 2.4.2-6 for lenny

Andreas Metzler ametzler at
Wed Feb 11 18:42:26 UTC 2009


I have uploaded gnutls26 2.4.2-6 on saturday, the upload is targeted
for lenny. I know it is rather late, but the timing was not in my

| New patches, syncing with 2.4.3 upstream oldstable release:
| + 24_intermedcertificate.patch If a non-root certificate ist trusted
|   gnutls certificateificate verification stops there instead of checking
|   up to the root of the certificate chain.

This provides a workaround against the changed behavior with respect
to x509 v1 CA after the fix for CVE-2008-4989. People can make the
intermediate certificate trusted to work around the fact that GnuTLS
will not trust certs signed by the toplevel x509 v1 CA cert anymore

| + 22_whitespace.patch - Whitespace only changes, to make it possible to
|   apply upstream fixes without manual changes.

It is rather short, too.

| + 25_bufferoverrun.patch. Fix buffer overrun bug in
|   gnutls_x509_crt_list_import.

An earlier that I somehow overlooked and forgot to pull from upstream

thanks, cu andreas
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the Pkg-gnutls-maint mailing list