Package: gnutls13
Version: 1.3.5-1.1
Severity: important

In the gnutls13 package, I detected a buffer overflow which had been fixed 3 months ago in 1.2.10 and 1.3.4:
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001053.html

The gnutls upstream sources (ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.3.5.tar.bz2) do not contain the faulty code anymore, the Debian sources (gnutls13_1.3.5.orig.tar.gz) however do. There are many other (tiny) differences in ./lib/gnutls_x509.c.

This leads me to the conclusion that Debian's gnutls13_1.3.5.orig.tar.gz is incorrect.

