Kurt Schwehr <kurtschw...@yahoo.com> said: > > Dave, > > Are you aware of this? > http://www.gnutls.org/security.html#GNUTLS-SA-2014-2 > http://lwn.net/Articles/589205/ > > I added a one line warning to the gnutls28.info file, but we > definitely need to get a new version of gnutls into fink. From the > summary: > > How to mitigate the attack? > > * Upgrade to the latest GnuTLS version (3.2.12 or 3.1.22), or apply > the patch for=A0GnuTLS 2.12.x.
We also currently have three different gnutls* library sets as of 10.8ish: gnutls-2.12 (2.12.20-2) gnutls26 (2.10.2-5) gnutls28 (3.0.22-2) Should we push hard to migrate from gnutls26 to...gnutls28 if possible but at least gnutls-2.12, and from gnutls-2.12 to gnutls28 if possible? Really good to get security patches in wherever possible, but also really good to minimize the number of old security-related packages at all. dan -- Daniel Macks dma...@netspace.org ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech _______________________________________________ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
