Hi Andreas, On Sat, Apr 18, 2015 at 07:22:46PM +0200, Andreas Metzler wrote: > On 2015-04-17 Moritz Muehlenhoff <j...@debian.org> wrote: > > Hi Andreas, > > this was assigned CVE-2015-3308: > > http://www.openwall.com/lists/oss-security/2015/04/15/6 > > > gnutls in wheezy or squeeze should not be affected, the > > code was introduced in 3.3 (please double-check).
FYI: Should have been introduced with 3.3.0, yes: http://gnutls.org/manual/html_node/X509-certificate-API.html#gnutls_005fx509_005fext_005fimport_005fcrl_005fdist_005fpoints-1 (have added accordingly the found version for the BTS). > > This doesn't seem severe, could you fix this in the first > > jessie point release? > > Hello, > > I will push an upload to unstable to get some free testing and will try > to get this fixed in jessie, either with a separate upload or (if jessie > is delayed) an unblock. Note that there will proably be no more unblocks now since we are effectively in deep freeze for the jessie release. So this update will most likely go trough either a jessie-proposed-update, or a jessie-security update. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
