Bug#514807: Regression in libgnutls security update

Florian Weimer fw at deneb.enyo.de
Wed Feb 25 19:29:47 UTC 2009

* Andreas Metzler:

> I have been watching this play out since other people participating in
> this thread are more knowledgable than me. From what I have read I
> also think this might the right thing to do. Do you intend to push
> this through security or proposed updates?

I've uploaded changed packages to the security queue, but only
containing Simon's patch, without any documentation updates.  We still
lack a fair number of builds for etch, so it's still time to do
something about the documentation.  It's less an issue for etch
because I doubt that there is a 1.4.4 version with different behavior,
but I see that updated documentation would make sense for the lenny
version.  If you want me to go ahead with the security errata, we can
still provide updated documentation via stable-proposed-updates.

I've got no particular opinion on the behavior for squeeze yet.  If we
can implement a more appropriate API (or even just a system-wide
configuration option), this would be fine.

More information about the Pkg-gnutls-maint mailing list