On 26/02/14 19:17, Andreas Metzler wrote: > On 2014-02-26 Daniel Pocock <dan...@pocock.pro> wrote: >> Package: libgnutls26 >> Severity: serious >> Version: 2.12.20-8 > > [...] >> - running gnutls-cli in debug mode, I notice the following: > [...] > > Can you check whether this is fixed in GnuTLS 3.x? - It is available > in wheezy-backports. >
I already removed the cacert.org certs from that server and changed to another root so it is not something I can test immediately. Even if 3.x fixes it, people will still be using wheezy for another good 12-18 months so this probably needs to go in a security update to avoid massive inconvenience (unless cacert.org decides to go back to SHA-256) Also, I started a thread on the cacert mailing list about this issue: https://lists.cacert.org/wws/arc/cacert/2014-02/msg00001.html -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
