Control: notfound -1 6.00-2 Control: close -1 On Sat, 02 May 2020 11:29:34 +0100 Luca Boccassi <bl...@debian.org> wrote: > Package: openconnect > Version: 6.00-2 > > Tracking https://security-tracker.debian.org/tracker/CVE-2020-12105 > Not sure what's the oldest version affected, asked on > https://security-tracker.debian.org/tracker/CVE-2020-12105
I checked and upstream confirmed, Debian is not vulnerable in any version as the defect only affects builds with OpenSSL, but we use GNUTLS all the way back to old-old-stable. https://gitlab.com/openconnect/openconnect/-/merge_requests/96 Dear Security Team, At your earliest convenience, please mark https://security-tracker.debian.org/tracker/CVE-2020-12105 as not- affected for all Debian releases. Thanks! -- Kind regards, Luca Boccassi
signature.asc
Description: This is a digitally signed message part