Fixing "lucky 13" CVE-2013-0169 in gnutls28
Andreas Metzler
ametzler at downhill.at.eu.org
Sat Mar 2 17:19:04 UTC 2013
On 2013-03-01 Julien Cristau <jcristau at debian.org> wrote:
> On Sat, Feb 23, 2013 at 18:37:12 +0100, Andreas Metzler wrote:
>> Find attached a proposed patch to build both guile-gnutls and
>> gnutls-bin from gnutls26 instead of gnutls28 for wheezy. Would this be
>> acceptable for an unstable upload targeted for testing? Afterwards
>> gnutls28 could be pulled from wheezy.
> Is there a particular reason we need to ship guile-gnutls? It appears
> to have 0 reverse dependency...
Hello,
I have no idea how popular guile-gnutls is, whether many people are
using it in their own scripts.
The binary package was originally asked for by Ludovic Courtès. -
Perhaps he can shed a little light...
----------------------------
@*Ludovic*: To give you some context, we are planning to pull
gnutls28 from wheezy. If we also stopped shipping guile-gnutls instead
of proving it from gnutls 2.x again we could a) get rid of a package
without reverse dependencies and b) do without building gnutls with
--disable-largefile on armel, armhf and mipsel. Do you have any idea
how popular guile-gnutls is?
----------------------------
However generally speaking I don't think pulling guile-gnutls just to
get rid of --disable-largefile on armel, armhf and mipsel is necessary,
gnutls versions before 2.12.10-1 were built without large file support
even on i386.
cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
More information about the Pkg-gnutls-maint
mailing list