On Fri, Nov 11, 2011 at 04:35:56PM +0100, Simon Josefsson wrote: > fre 2011-11-11 klockan 16:10 +0100 skrev Moritz Muehlenhoff: > > Package: gnutls26 > > Severity: important > > Tags: security > > > > Please see http://www.gnu.org/s/gnutls/security.html for details. > > > > Fixes: > > http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=7fc8fa6464d305440fddab423079c76a915decc3 > > http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=588708465992e1d9fc09cf4e3a39caef878428d9 > > > > Given the following inline documentation I would assume that this > > could be triggered by a malicious server providing a service over > > TLS to crash the client, but not the other way 'round. Is that correct? > > As far as I understand, the client also has to be written in a > vulnerable way. The example code doesn't, and likely there are few > clients like that around. More investigation is warranted...
Andreas, can you fix this for the upcoming stable point update? http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable Although it's minor it would be nice to fix it up in stable. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org