Bug#950096: Bug#949976: p11-kit 0.23.19 breaks p11 certificate trust in Flatpak runtimes that have 0.23.18 or older

Simon McVittie smcv at debian.org
Wed Jan 29 17:49:00 GMT 2020


Control: severity 949976 important
Control: reassign 950096 p11-kit 0.23.19-2
Control: forcemerge 949976 950096
Control: affects 949976 + flatpak
Control: tags 949976 + fixed-upstream

On Wed, 29 Jan 2020 at 12:43:36 +0000, Simon McVittie wrote:
> On Wed, 29 Jan 2020 at 12:36:41 +0000, Simon McVittie wrote:
> > More specifically, it breaks certificate trust in libraries and
> > applications inside the runtime if they are linked to p11-kit older
> > than 0.23.19. In particular this affects anything that uses GNUTLS,
> > notably the GNOME stack.
> 
> I've sent a similar explanation upstream, in an attempt to stop discussion
> getting fragmented between downstream and Flatpak issue trackers.

p11-kit upstream have reverted the problematic changes for now, while
they work out a backwards-compatible solution. p11-kit maintainers:
please update to 0.23.20, and close this bug in that upload.

Thanks,
    smcv



More information about the Pkg-gnutls-maint mailing list