Your message dated Fri, 02 Jan 2015 12:40:16 +0000
with message-id <[email protected]>
and subject line Bug#767610: Removed package(s) from unstable
has caused the Debian Bug report #476441,
regarding libgnutls26: chooses AES128 over AES256 (again)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
476441: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476441
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libgnutls26
Version: 2.2.2-1
Severity: important
When authenticating against a dovecot IMAP server, mutt now uses AES128,
not AES256. There is no reason that mutt should use a weaker cipher.
This problem has occurred before and upstream provided the rationale
that other parts of the cryptosystem are weaker than the 256-bit
symmetric cipher, so there is no real gain in security. However, that
is no reason to deliberately cripple one part of the cryptosystem, and
256-bit AES is only slightly slower than 128-bit AES (I know, I've
implemented both). This is also a regression from libgnutls13.
libgnutls26 should revert to choosing AES256 over AES128.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.25-rc8-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libgnutls26 depends on:
ii libc6 2.7-10 GNU C Library: Shared libraries
ii libgcrypt11 1.4.0-3 LGPL Crypto library - runtime libr
ii libgpg-error0 1.4-2 library for common error values an
ii libopencdk10 0.6.6-1 Open Crypto Development Kit (OpenC
ii libtasn1-3 1.3-1 Manage ASN.1 structures (runtime)
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
libgnutls26 recommends no packages.
-- no debconf information
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Version: 2.12.23-17+rm
Dear submitter,
as the package gnutls26 has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/767610
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].
Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---
