[Tails-dev] Fwd: gnutls26 security update

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: tails-dev
Subject: [Tails-dev] Fwd: gnutls26 security update
hi,

we might want to add the Squeeze LTS sources for 1.0.1,
to get e.g. this security fix.

anonym, and anyone else wanting to help with the RM duty, you'll
definitely want to subscribe to the debian-lts-announce list.

Package : gnutls26
Version        : 2.8.6-1+squeeze4
CVE ID         : CVE-2014-3466


Joonas Kuorilehto discovered that GNU TLS performed insufficient
validation of session IDs during TLS/SSL handshakes. A malicious
server could use this to execute arbitrary code or perform denial
or service.

--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc