On Thu, Feb 7, 2013 at 11:54:52 +0100, Andreas Metzler wrote: > Hello, > > sadly CVE-2013-0169 also (see 699891) applies to gnutls28. > I have just uploaded gnutls28_3.0.22-3 to unstable, pretty much with > the same set of fixes as gnutls26 2.12.20-4 to unstable. I am not > sure how you would prefer to have this fixed in testing. > > Could 3.0.22-3 propagate to testing? The version in testing is two > upstream versions older (3.0.20-3), therefore the diff will be pretty > big. Or is a tpu upload necessary? > I don't think 3.0.22-3 is suitable at this stage... > PS: My first idea was to simply pull gnutls28, providing guile-gnutls > and gnutls-bin from gnutls26 again. However there is a reverse > dependency (pan) on libgnutls28 in testing nowaday. Pan is not > distributable currently http://bugs.debian.org/699892 > but that might still be fixed in time for the release. What would be involved in switching pan back to gnutls26? Cheers, Julien
Attachment:
signature.asc
Description: Digital signature