[pkg-lynx-maint] Bug#789189: jessie-pu: package lynx-cur/2.8.9dev1-2+deb8u1
Andreas Metzler
ametzler at bebt.de
Thu Jun 18 18:37:50 UTC 2015
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org at packages.debian.org
Usertags: pu
Hello,
I would like to fix 784430 in jessie:
* lynx-cur is using a buggy GnuTLS priority string.
* After fixing GNUTLS-SA-2015-2 (a minor issue) GnuTLS is more strict
when applying the priority string. Combining lynx-cur/jessie
with a fixed GnuTLS therefore results in major SSL/TLS breakage.
According to the security-tracker GNUTLS-SA-2015-2 will not be fixed
by a dedicated DSA, however it is labeled as "Minor issue; Can be
fixed along with a future DSA"
Suggested patch attached. The respective changes was uploaded to sid in
2.8.9dev6-3 on May 16.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lynx-stable-upload.diff
Type: text/x-diff
Size: 2538 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-lynx-maint/attachments/20150618/5ffc6758/attachment.diff>
More information about the pkg-lynx-maint
mailing list