Gnutls and secure renegotiation / CVE-2009-3555 / RFC 5746
Julien Cristau
jcristau at debian.org
Sat Dec 18 14:13:46 UTC 2010
On Wed, Dec 8, 2010 at 09:07:30 +0100, Stefan Fritsch wrote:
> OK. I think the best way forward is this:
>
> - We will not include gnutls in the first round of RFC5746-DSAs for
> Lenny, which I hope to release before Christmas.
> - gnutls in squeeze will be updated by backport to 2.8.6 rather than
> by upgrading to 2.10. This will happen as soon as someone has the time
> to do the testing. IMHO, this can also be done in a DSA or point
> release and should not delay squeeze's release.
> - When the backport+testing for 2.8.6 is done, we can decide about
> what to do with 2.4.2 in Lenny.
>
Thanks for the summary.
Cheers,
Julien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20101218/61b57181/attachment.pgp>
More information about the Pkg-gnutls-maint
mailing list