Package: libgnutls-deb0-28
Version: 3.3.8-6+deb8u6
Severity: normal

If the application closes open files during startup (e.g., a daemon), it may close the file that gnutls has open for /dev/urandom. The recommended way to handle this situation is to call gnutls_global_init() again. This will check if the fd for /dev/urandom is still valid and re-open it if not.
Unfortunately, the way that the /dev/urandom fd is checked is not reliable. It only checks the mode, which might be the same if the application reused the fd for another character device with the same permissions (e.g., /dev/null).

A fix for this was recently backported to the gnutls_3_3_x branch:

https://gitlab.com/gnutls/gnutls/commit/5006914fda50f25807451a03616cdf2e7be0268f

It would be great if this could be included in jessie as otherwise calling gnutls_global_init() a 2nd time is unreliable.

If it helps, I can prepare a patch for the gnutls28 package, but I wasn't quite sure about the patch naming conventions there.

Thanks,

--
Dan Nicholson | +1.206.437.0833 | Endless