On 10/25/2013 12:20 AM, Salvatore Bonaccorso wrote: > CVE-2013-4466[0]: > gnutls/libdane buffer overflow > > This only affects 3.1.x and 3.2.x so, gnutls28. A patch [1] is > provided (upstream recomendation is to directly update to 3.2.5, see > [2]).
Is this relevant for debian, given that we build with --disable-libdane?
btw, it's not clear to me why we --disable-libdane -- I see that it was
set (along with --without-tpm) in 3.1.3-1, but i don't see the reason
for it. could that be clarified someplace?
--dkg
signature.asc
Description: OpenPGP digital signature
