Bug#782776: CVE-2015-3308

2015-04-27 Thread Andreas Metzler
On 2015-04-18 Andreas Metzler ametz...@bebt.de wrote:
 On 2015-04-17 Moritz Muehlenhoff j...@debian.org wrote:
  Hi Andreas,
  this was assigned CVE-2015-3308:
[..]
  This doesn't seem severe, could you fix this in the first
  jessie point release?

 Hello,

 I will push an upload to unstable to get some free testing and will try
 to get this fixed in jessie, either with a separate upload or (if jessie
 is delayed) an unblock.
 cu Andreas

I have submitted a bug for a pu upload, see 783526.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#782776: CVE-2015-3308

2015-04-18 Thread Andreas Metzler
On 2015-04-17 Moritz Muehlenhoff j...@debian.org wrote:
 Hi Andreas,
 this was assigned CVE-2015-3308:
 http://www.openwall.com/lists/oss-security/2015/04/15/6  

 gnutls in wheezy or squeeze should not be affected, the
 code was introduced in 3.3 (please double-check).

 This doesn't seem severe, could you fix this in the first
 jessie point release?

Hello,

I will push an upload to unstable to get some free testing and will try
to get this fixed in jessie, either with a separate upload or (if jessie
is delayed) an unblock.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'





Bug#782776: CVE-2015-3308

2015-04-18 Thread Salvatore Bonaccorso
Hi Andreas,

On Sat, Apr 18, 2015 at 07:22:46PM +0200, Andreas Metzler wrote:
 On 2015-04-17 Moritz Muehlenhoff j...@debian.org wrote:
  Hi Andreas,
  this was assigned CVE-2015-3308:
  http://www.openwall.com/lists/oss-security/2015/04/15/6  
 
  gnutls in wheezy or squeeze should not be affected, the
  code was introduced in 3.3 (please double-check).

FYI: Should have been introduced with 3.3.0, yes:
http://gnutls.org/manual/html_node/X509-certificate-API.html#gnutls_005fx509_005fext_005fimport_005fcrl_005fdist_005fpoints-1
(have added accordingly the found version for the BTS).

  This doesn't seem severe, could you fix this in the first
  jessie point release?
 
 Hello,
 
 I will push an upload to unstable to get some free testing and will try
 to get this fixed in jessie, either with a separate upload or (if jessie
 is delayed) an unblock.

Note that there will probably be no more unblocks now since we are
effectively in deep freeze for the jessie release. So this update will
most likely go through either a jessie-proposed-update, or a
jessie-security update.

Regards,
Salvatore





Bug#782776: CVE-2015-3308

2015-04-17 Thread Moritz Muehlenhoff
Source: gnutls28
Severity: important
Tags: security

Hi Andreas,
this was assigned CVE-2015-3308:
http://www.openwall.com/lists/oss-security/2015/04/15/6  

gnutls in wheezy or squeeze should not be affected, the
code was introduced in 3.3 (please double-check).

This doesn't seem severe, could you fix this in the first
jessie point release?

Cheers,
Moritz

