# On 2008-11-11 Michael Gilbert <[EMAIL PROTECTED]> wrote:
# > Package: libgnutls26
# > Version: 2.4.2-2
# > Severity: grave
# > Tags: security
# > Justification: user security hole
#
# > redhat has just released an update that fixes a security flaw in gnutls [1].
# > the CVE page [2] indicates that the issue is currently reserved, but redhat
# > describes the problem as:
#
# > Martin von Gagern discovered a flaw in the way GnuTLS verified certificate
# > chains provided by a server. A malicious server could use this flaw to
# > spoof its identity by tricking client applications using the GnuTLS library
# > to trust invalid certificates. (CVE-2008-4989)
#
# > redhat describes this as a "moderate severity" issue, so i assume that this
# > should be tracked as medium-urgency in debian.
#
# > it is not clear which versions are affected. the redhat updates are only
# > for their enterprise (rhel 5) version, which is gnutls 1.4.1.
#
# > [1] https://rhn.redhat.com/errata/RHSA-2008-0982.html
# > [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989
# Bug applies to every gnutls26 upload, mark it as found in first
# upload to unstable.
found 505360 2.2.1-2
# This bug is already fixed in the version you reported the bug
# against.
notfound 505360 2.4.2-2
clone 505360 -1
close 505360 2.4.2-2
# Bug also applies to gnutls13
reassign -1 libgnutls13
found -1 1.4.4-3
thanks

cu andreas
-- 
`What a good friend you are to him, Dr. Maturin.
His other friends are so grateful to you.'
`I sew his ears on from time to time, sure'