On 02/06/14 15:17, Steven Chamberlain wrote:
> Fortunately at
> least CURL seems to link with OpenSSL instead.
Actually the curl binary links to OpenSSL *and* GnuTLS, so I don't know
which is used normally.
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
--
To UNSUBSCRIBE, email to debian-l
Within the past hour or so it seems to be on mirrors now.
Initially I had some trouble with the indices:
> W: A error occurred during the signature verification. The repository is not
> updated and the previous index files will be used. GPG error:
> http://http.debian.net squeeze-lts Release: T
Hi,
On Mon, 02 Jun 2014 15:38:35 +0300, Wolfgang Jeltsch wrote:
> Unfortunately, I still do not get any update for gnutls26, although the
> update should be available now, according to the recent e-mail by Moritz
> Muehlenhoff.
Regular security.d.o usually has all mirrors updated before the
annou
Am Montag, den 02.06.2014, 09:50 +0200 schrieb Moritz Muehlenhoff:
Package: gnutls26
Version: 2.8.6-1+squeeze4
CVE ID : CVE-2014-3466
Joonas Kuorilehto discovered that GNU TLS performed insufficient
validation of session IDs during TLS/SSL handshakes. A malicious
server c
Am Montag, den 02.06.2014, 09:50 +0200 schrieb Moritz Muehlenhoff:
> Package: gnutls26
> Version: 2.8.6-1+squeeze4
> CVE ID : CVE-2014-3466
>
> Joonas Kuorilehto discovered that GNU TLS performed insufficient
> validation of session IDs during TLS/SSL handshakes. A malicio
