[gnutls-devel] GnuTLS 3.5.7 - any patches should I pick for Debian/stretch release?

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Sat Jan 28 12:21:21 CET 2017


On Sat, 2017-01-07 at 17:33 +0100, Andreas Metzler wrote:
> Hello,
> 
> Debian/stretch will soon be frozen. Starting February 5 automatic
> migration from debian/unstable to sid is stopped and updates of
> packages
> require approval by release managers. i.e. to enter jessie before
> this
> deadline I will need to upload before about January 25.

A bit late, but some more bug fixes you may be interested to are:

IDNA2008 support: https://gitlab.com/gnutls/gnutls/merge_requests/240
While it is a feature, on certain occasions sticking to IDNA2003 can be
considered a vulnerability because of incompatibilities between the
mappings of UTF-8 DNS names to ascii format [0]. That is a quite large
bunch of patches, but in the long run  I think it is better to support
IDNA2008 rather than sticking to IDNA2003 which may cause potential
CVEs later.

A fix on AVX detection to allow gnutls run on certain virtual systems:
https://gitlab.com/gnutls/gnutls/commit/ef78a758cb899609d7eb4578017bc752272cb423

regards,
Nikos

[0]. https://www.plesk.com/blog/what-is-the-problem-with-s/




More information about the Gnutls-devel mailing list