Critical bug in GnuTLS
Susi Lehtola
jussilehtola at fedoraproject.org
Wed Mar 5 13:32:01 UTC 2014
On Wed, 5 Mar 2014 11:29:23 +0000
"Patrick O'Callaghan" <pocallaghan at gmail.com> wrote:
> On Wed, Mar 5, 2014 at 10:28 AM, Ed Greshko <ed.greshko at greshko.com> wrote:
> > On 03/05/14 18:21, Patrick O'Callaghan wrote:
> >> On Wed, Mar 5, 2014 at 1:26 AM, Matthew Miller <mattdm at fedoraproject.org> wrote:
> >>> https://admin.fedoraproject.org/updates/FEDORA-2014-3413/gnutls-3.1.20-4.fc20
> >>> https://admin.fedoraproject.org/updates/FEDORA-2014-3363/gnutls-3.1.20-4.fc19
> >>>
> >>> These need testing and karma.
> >> AFAIK 3.1.20 is not the bugfixed version. It needs to be 3.2.12, which
> >> is still only available for F21.
> >>
> >> poc
> >
> > So, you're saying the comments in those links are inaccurate?
>
> I'm just wondering why the version numbers don't correspond to those
> in the GnuTLS advisory:
>
> http://www.gnutls.org/security.html#GNUTLS-SA-2014-2
Most likely because the patch has been applied, as the maintainer didn't
want to do a version bump on a core package.
--
Susi Lehtola
Fedora Project Contributor
jussilehtola at fedoraproject.org
More information about the users
mailing list