As indicated by Nikos Mavrogiannopoulos on the gnutls-devel mailing list[1], this problem had been fixed upstream in 3.3.12.
I had completely forgotten to check upstream for fixes. My suggested patch is almost exactly the same as commit 023156a from the GnuTLS Git[2]. I'd like to suggest backporting that commit to GnuTLS in jessie/stable, to not deviate unnecessarily from upstream and fix the problem.

The message [1] also mentions a second commit which prevents calling the code with a length 0 in the first place, as it is a useless action. That commit is not necessary to fix this specific bug.

With regards,

Peter.

[1] https://lists.gnupg.org/pipermail/gnutls-devel/2015-June/007627.html
[2] https://gitlab.com/gnutls/gnutls/commit/023156ae2504c1911f8f2e66a0ebde316931671c

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>