Fixing "lucky 13" CVE-2013-0169 in gnutls28
Andreas Metzler
ametzler at downhill.at.eu.org
Sat Feb 23 17:37:12 UTC 2013
On 2013-02-20 Dominique Dumont <dod at debian.org> wrote:
> Le dimanche 10 février 2013 16:26:40, Andreas Metzler a écrit :
>>>> PS: My first idea was to simply pull gnutls28, providing guile-gnutls
>>>> and gnutls-bin from gnutls26 again. However there is a reverse
>>>> dependency (pan) on libgnutls28 in testing nowadays. Pan is not
>>>> distributable currently http://bugs.debian.org/699892
>>>> but that might still be fixed in time for the release.
> I've fixed the license bug by dropping SSL support from pan. pan no longer
> depends on any libgnutls.
Hello,
the new pan upload should propagate to testing in a week.
Find attached a proposed patch to build both guile-gnutls and
gnutls-bin from gnutls26 instead of gnutls28 for wheezy. Would this be
acceptable for an unstable upload targeted for testing? Afterwards
gnutls28 could be pulled from wheezy.
cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: from-4_to-5.diff
Type: text/x-diff
Size: 16439 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20130223/7bc39bf4/attachment-0001.diff>
More information about the Pkg-gnutls-maint
mailing list