On 2013-02-10 Julien Cristau <[email protected]> wrote: > On Thu, Feb 7, 2013 at 11:54:52 +0100, Andreas Metzler wrote: > > sadly CVE-2013-0169 also (see 699891) applies to gnutls28. [...] >> PS: My first idea was to simply pull gnutls28, providing guile-gnutls >> and gnutls-bin from gnutls26 again. However there is a reverse >> dependency (pan) on libgnutls28 in testing nowadays. Pan is not >> distributable currently http://bugs.debian.org/699892 >> but that might still be fixed in time for the release.
> What would be involved in switching pan back to gnutls26? Hello, downgrading the build-depency and patching ./configure[1]. The source builds and the package can still read from news.gmane.org with NNTP/SSL. Which is not a very elaborate test. ;-) cu andreas [1] --- pan-0.139.orig/configure +++ pan-0.139/configure @@ -3045,7 +3045,7 @@ GTK3_REQUIRED=3.0.0 GTKSPELL_REQUIRED=2.0.7 GTKSPELL3_REQUIRED=2.0.16 ENCHANT_REQUIRED=1.6.0 -GNUTLS_REQUIRED=3.0.0 +GNUTLS_REQUIRED=2.12.0 LIBNOTIFY_REQUIRED=0.4.1 LIBGKR_REQUIRED=3.2.0 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
