The patch (ebian/patches/91_CVE-2008-4989.dif) is consistent with upstream's 2.6.2. The 2.6.1 fix for this CVE introduced a regression (see Debian http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505279). Upstream's response (and patch) can be read about here: http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3248
Ubuntu never suffered from this regression, and has the full patch as seen in 2.6.2. Could gnutls have been too lenient in the past? If the certificate is self-signed, you should be able to use '--insecure' to connect to staging.

--
gnutls regression: failure in certificate chain validation
https://bugs.launchpad.net/bugs/305264
