Bug#840191: jessie-pu: package gnutls28/3.3.8-6+deb8u4

2016-11-05 Thread Adam D. Barratt
Control: tags -1 + pending On Tue, 2016-11-01 at 12:00 +0100, Andreas Metzler wrote: > On 2016-10-31 "Adam D. Barratt" wrote: > > On Sun, 2016-10-30 at 07:46 +0100, Andreas Metzler wrote: > [...] > >> I think it makes sense to add the GnuTLS patch for compatibitlity

Bug#840191: jessie-pu: package gnutls28/3.3.8-6+deb8u4

2016-11-01 Thread Andreas Metzler
On 2016-10-31 "Adam D. Barratt" wrote: > On Sun, 2016-10-30 at 07:46 +0100, Andreas Metzler wrote: [...] >> I think it makes sense to add the GnuTLS patch for compatibitlity with >> CVE-2016-6489-patched nettle. (832983). > jessie's nettle doesn't appear to have been

Bug#840191: jessie-pu: package gnutls28/3.3.8-6+deb8u4

2016-10-31 Thread Adam D. Barratt
Control: tags -1 + confirmed On Sun, 2016-10-30 at 07:46 +0100, Andreas Metzler wrote: > On 2016-10-09 Salvatore Bonaccorso wrote: > [...] > > Hi Stable Release Managers, > > > X-Debbugs-CC'ed Andreas Metzler. > > > gnutls28 in jessie is affected by CVE-2016-7444,

Bug#840191: jessie-pu: package gnutls28/3.3.8-6+deb8u4

2016-10-30 Thread Andreas Metzler
On 2016-10-09 Salvatore Bonaccorso wrote: [...] > Hi Stable Release Managers, > X-Debbugs-CC'ed Andreas Metzler. > gnutls28 in jessie is affected by CVE-2016-7444, GNUTLS-SA-2016-3, > having a flaw in the OCSP certificate check. This was fixed upstream > and included in

Bug#840191: jessie-pu: package gnutls28/3.3.8-6+deb8u4

2016-10-09 Thread Salvatore Bonaccorso
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Hi Stable Release Managers, X-Debbugs-CC'ed Andreas Metzler. gnutls28 in jessie is affected by CVE-2016-7444, GNUTLS-SA-2016-3, having a flaw in the OCSP certificate check. This