Hello, sadly CVE-2013-0169 also (see 699891) applies to gnutls28. I have just uploaded gnutls28_3.0.22-3 to unstable, pretty much with the same set of fixes as gnutls26 2.12.20-4 to unstable. I am not sure how you would prefer to have this fixed in testing.
Could 3.0.22-3 propagate to testing? The version in testing is two upstream versions older (3.0.20-3), therefore the diff will be pretty big. Or is a tpu upload necessary? cu andreas PS: My first idea was to simply pull gnutls28, providing guile-gnutls and gnutls-bin from gnutls26 again. However there is a reverse dependency (pan) on libgnutls28 in testing nowaday. Pan is not distributable currently http://bugs.debian.org/699892 but that might still be fixed in time for the release. -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130207105452.ga3...@downhill.g.la
