Bug#727660: gnutls28: CVE-2013-4466: GNUTLS-SA-2013-3

Andreas Metzler ametzler at bebt.de
Sat Oct 26 06:24:21 UTC 2013


On 2013-10-25 Salvatore Bonaccorso <carnil at debian.org> wrote:
> On Fri, Oct 25, 2013 at 09:56:58AM -0400, Daniel Kahn Gillmor wrote:
[...]
>> Is this relevant for Debian, given that we build with --disable-libdane?

> Thanks for this heads-up. I missed this part when checking for the
> mentioned CVE. Apologies for the mistaken bug report.

Hello,
no worries, thanks for keeping an eye on gnutls.

>> btw, it's not clear to me why we --disable-libdane -- I see that it was
>> set (along with --without-tpm) in 3.1.3-1, but I don't see the reason
>> for it.  Could that be clarified someplace?
[...]

--without-tpm had some license rationale, --disable-libdane might have
been related to licensing (I think it was one of the leftover LGPLv3
GnuTLS parts at this time and I have not completely given up on a
LGPLv2+ GnuTLS stack). If there is *strong* interest in libdane I can
double-check and enable if feasible (or else document).

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'


