from ${URL}: Hi, GNUTLS just posted a security adivsory which needs a CVE: http://www.gnutls.org/security.html#GNUTLS-SA-2013-3 GNUTLS-SA-2013-3 Denial of service This vulnerability affects the DANE library of gnutls 3.1.x and gnutls 3.2.x. A server that returns more 4 DANE entries could corrupt the memory of a requesting client. Recommendation: Upgrade to the latest gnutls version (3.1.15 or 3.2.5) Commit for 3.1: https://gitorious.org/gnutls/gnutls/commit/916deedf41604270ac398314809e8377476433db Commit for 3.2: https://gitorious.org/gnutls/gnutls/commit/ed51e5e53cfbab3103d6b7b85b7ba4515e4f30c3 Ciao, Marcus
gnutls-3.2.5 in tree
(In reply to Alon Bar-Lev from comment #1) > gnutls-3.2.5 in tree thanks, cleanup old vuln. versions, please,
(In reply to Mikle Kolyada from comment #2) > (In reply to Alon Bar-Lev from comment #1) > > gnutls-3.2.5 in tree > > thanks, cleanup old vuln. versions, please, this is non stable package, and not trivial changes since last, we should allow people to revert.
The fact that it's unstable means that there is the possibility of breakage. Leave it for a little while if you want, but the old versions do need to go.
(In reply to Alon Bar-Lev from comment #3) > this is non stable package, and not trivial changes since last, we should > allow people to revert. to clarify - we want 3.2.3 and 3.2.4 go from tree, not 2.x
<3.2.5 seems to be gone from tree, closing.
