Bug#727660: gnutls28: CVE-2013-4466: GNUTLS-SA-2013-3
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Oct 25 13:56:58 UTC 2013
On 10/25/2013 12:20 AM, Salvatore Bonaccorso wrote:
> CVE-2013-4466[0]:
> gnutls/libdane buffer overflow
>
> This only affects 3.1.x and 3.2.x so, gnutls28. A patch [1] is
> provided (upstream recomendation is to directly update to 3.2.5, see
> [2]).
Is this relevant for debian, given that we build with --disable-libdane?
btw, it's not clear to me why we --disable-libdane -- I see that it was
set (along with --without-tpm) in 3.1.3-1, but i don't see the reason
for it. could that be clarified someplace?
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20131025/efa05570/attachment.sig>
More information about the Pkg-gnutls-maint
mailing list