On 2013-02-10 Julien Cristau <jcris...@debian.org> wrote: > On Thu, Feb 7, 2013 at 11:54:52 +0100, Andreas Metzler wrote: > > sadly CVE-2013-0169 also (see 699891) applies to gnutls28. [...] >> PS: My first idea was to simply pull gnutls28, providing guile-gnutls >> and gnutls-bin from gnutls26 again. However there is a reverse >> dependency (pan) on libgnutls28 in testing nowadays. Pan is not >> distributable currently http://bugs.debian.org/699892 >> but that might still be fixed in time for the release.
> What would be involved in switching pan back to gnutls26? Hello, downgrading the build-depency and patching ./configure[1]. The source builds and the package can still read from news.gmane.org with NNTP/SSL. Which is not a very elaborate test. ;-) cu andreas [1] --- pan-0.139.orig/configure +++ pan-0.139/configure @@ -3045,7 +3045,7 @@ GTK3_REQUIRED=3.0.0 GTKSPELL_REQUIRED=2.0.7 GTKSPELL3_REQUIRED=2.0.16 ENCHANT_REQUIRED=1.6.0 -GNUTLS_REQUIRED=3.0.0 +GNUTLS_REQUIRED=2.12.0 LIBNOTIFY_REQUIRED=0.4.1 LIBGKR_REQUIRED=3.2.0 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130210152640.ga3...@downhill.g.la
