Just to record my analysis of the debdiff: The changes are basically the same as the upstream commits, except for the PKCS#11 changes. This means that PKCS#11 certificates are still checked in full. I'm not sure where that would be used, but it is not a security problem (less is allowed than upstream, not more).
I have verified that xenial contains the same fixes by checking that _gnutls_check_if_same_key() exists there. The changelog mentions trusty-updates, and does not close the bug report. I added (LP: #1722411) as a final line and changed the distribution to trusty to match other uploads. I'm building now, and will verify that the bug is fixed and upload afterwards. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722411 Title: gnutls28 in trusty no longer validates many valid certificate chains, such as google.com To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1722411/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
