[Pkg-haskell-maintainers] Bug#701593: reversion caused by security chain fix

Joey Hess joeyh at debian.org
Sun Feb 24 19:08:36 UTC 2013


Package: libghc-tls-extra-dev
Version: 0.4.6.1-1
Severity: serious

The security fix in this release seems to have caused a reversion
which rejects certificates that everything else accepts are valid.

Amoung the certificates now rejected is www.box.com, which is a problem
for me with git-annex. Others may be more interested to see that it now
rejects www.google.com's certificate. :P

Upstream bug report: https://github.com/vincenthz/hs-tls/issues/32

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libghc-tls-extra-dev depends on:
ii  ghc [libghc-time-dev-1.4-3e186]                              7.4.1-4
ii  libc6                                                        2.13-38
ii  libffi5                                                      3.0.10-3
pn  libghc-base-dev-4.5.0.0-c8e71                                <none>
pn  libghc-bytestring-dev-0.9.2.1-4adca                          <none>
ii  libghc-certificate-dev [libghc-certificate-dev-1.2.3-97278]  1.2.3-1+b1
ii  libghc-crypto-api-dev [libghc-crypto-api-dev-0.10.2-4102c]   0.10.2-1+b2
ii  libghc-cryptocipher-dev [libghc-cryptocipher-dev-0.3.5-46e4  0.3.5-1+b1
ii  libghc-cryptohash-dev [libghc-cryptohash-dev-0.7.5-e9a2a]    0.7.5-1+b2
ii  libghc-mtl-dev [libghc-mtl-dev-2.1.1-ae9b4]                  2.1.1-1
ii  libghc-network-dev [libghc-network-dev-2.3.0.13-6b330]       2.3.0.13-1+b2
ii  libghc-pem-dev [libghc-pem-dev-0.1.1-84ae4]                  0.1.1-1+b3
ii  libghc-text-dev [libghc-text-dev-0.11.2.0-a625b]             0.11.2.0-1
ii  libghc-tls-dev [libghc-tls-dev-0.9.5-40f43]                  0.9.5-1+b2
ii  libghc-vector-dev [libghc-vector-dev-0.9.1-81be4]            0.9.1-2+b1
ii  libgmp10                                                     2:5.0.5+dfsg-2

libghc-tls-extra-dev recommends no packages.

Versions of packages libghc-tls-extra-dev suggests:
pn  libghc-tls-extra-doc   <none>
ii  libghc-tls-extra-prof  0.4.6.1-1

-- no debconf information

-- 
see shy jo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-haskell-maintainers/attachments/20130224/88bf7fa9/attachment.pgp>


More information about the Pkg-haskell-maintainers mailing list