[Tails-dev] Fwd: gnutls26 security update

Supprimer ce message

Répondre à ce message
Auteur: intrigeri
Date:  
À: tails-dev
Sujet: [Tails-dev] Fwd: gnutls26 security update
hi,

we might want to add the Squeeze LTS sources for 1.0.1,
to get e.g. this security fix.

anonym, and anyone else wanting to help with the RM duty, you'll
definitely want to subscribe to the debian-lts-announce list.

Package : gnutls26
Version        : 2.8.6-1+squeeze4
CVE ID         : CVE-2014-3466


Joonas Kuorilehto discovered that GNU TLS performed insufficient
validation of session IDs during TLS/SSL handshakes. A malicious
server could use this to execute arbitrary code or perform denial
or service.

--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc