Package: libghc-tls-extra-dev Version: 0.4.6.1-1 Severity: serious The security fix in this release seems to have caused a reversion which rejects certificates that everything else accepts are valid.
Amoung the certificates now rejected is www.box.com, which is a problem for me with git-annex. Others may be more interested to see that it now rejects www.google.com's certificate. :P Upstream bug report: https://github.com/vincenthz/hs-tls/issues/32 -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libghc-tls-extra-dev depends on: ii ghc [libghc-time-dev-1.4-3e186] 7.4.1-4 ii libc6 2.13-38 ii libffi5 3.0.10-3 pn libghc-base-dev-4.5.0.0-c8e71 <none> pn libghc-bytestring-dev-0.9.2.1-4adca <none> ii libghc-certificate-dev [libghc-certificate-dev-1.2.3-97278] 1.2.3-1+b1 ii libghc-crypto-api-dev [libghc-crypto-api-dev-0.10.2-4102c] 0.10.2-1+b2 ii libghc-cryptocipher-dev [libghc-cryptocipher-dev-0.3.5-46e4 0.3.5-1+b1 ii libghc-cryptohash-dev [libghc-cryptohash-dev-0.7.5-e9a2a] 0.7.5-1+b2 ii libghc-mtl-dev [libghc-mtl-dev-2.1.1-ae9b4] 2.1.1-1 ii libghc-network-dev [libghc-network-dev-2.3.0.13-6b330] 2.3.0.13-1+b2 ii libghc-pem-dev [libghc-pem-dev-0.1.1-84ae4] 0.1.1-1+b3 ii libghc-text-dev [libghc-text-dev-0.11.2.0-a625b] 0.11.2.0-1 ii libghc-tls-dev [libghc-tls-dev-0.9.5-40f43] 0.9.5-1+b2 ii libghc-vector-dev [libghc-vector-dev-0.9.1-81be4] 0.9.1-2+b1 ii libgmp10 2:5.0.5+dfsg-2 libghc-tls-extra-dev recommends no packages. Versions of packages libghc-tls-extra-dev suggests: pn libghc-tls-extra-doc <none> ii libghc-tls-extra-prof 0.4.6.1-1 -- no debconf information -- see shy jo
signature.asc
Description: Digital signature
