[Tails-dev] Fwd: gnutls26 security update

Nachricht löschen

Nachricht beantworten
Autor: intrigeri
Datum:  
To: tails-dev
Betreff: [Tails-dev] Fwd: gnutls26 security update
hi,

we might want to add the Squeeze LTS sources for 1.0.1,
to get e.g. this security fix.

anonym, and anyone else wanting to help with the RM duty, you'll
definitely want to subscribe to the debian-lts-announce list.

Package : gnutls26
Version        : 2.8.6-1+squeeze4
CVE ID         : CVE-2014-3466


Joonas Kuorilehto discovered that GNU TLS performed insufficient
validation of session IDs during TLS/SSL handshakes. A malicious
server could use this to execute arbitrary code or perform denial
or service.

--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc