On Wed, 5 Mar 2014 11:29:23 +0000
"Patrick O'Callaghan" <pocallaghan(a)gmail.com> wrote:
On Wed, Mar 5, 2014 at 10:28 AM, Ed Greshko
<ed.greshko(a)greshko.com> wrote:
> On 03/05/14 18:21, Patrick O'Callaghan wrote:
>> On Wed, Mar 5, 2014 at 1:26 AM, Matthew Miller <mattdm(a)fedoraproject.org>
wrote:
>>>
https://admin.fedoraproject.org/updates/FEDORA-2014-3413/gnutls-3.1.20-4....
>>>
https://admin.fedoraproject.org/updates/FEDORA-2014-3363/gnutls-3.1.20-4....
>>>
>>> These need testing and karma.
>> AFAIK 3.1.20 is not the bugfixed version. It needs to be 3.2.12, which
>> is still only available for F21.
>>
>> poc
>
> So, you're saying the comments in those links are inaccurate?
I'm just wondering why the version numbers don't correspond to those
in the GnuTLS advisory:
http://www.gnutls.org/security.html#GNUTLS-SA-2014-2
Most likely because the patch has been applied, as the maintainer didn't
want to do a version bump on a core package.
--
Susi Lehtola
Fedora Project Contributor
jussilehtola(a)fedoraproject.org