GNU bug report logs - #66195
[PATCH] gnu: gnutls: Replace with 3.8.1.

Previous Next

Package: guix-patches;

Reported by: Christopher Baines <mail <at> cbaines.net>

Date: Mon, 25 Sep 2023 19:08:01 UTC

Severity: normal

Tags: patch

Done: Christopher Baines <mail <at> cbaines.net>

Bug is archived. No further changes may be made.

Full log

Message #8 received at 66195 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Christopher Baines <mail <at> cbaines.net>
Cc: 66195 <at> debbugs.gnu.org
Subject: Re: [bug#66195] [PATCH] gnu: gnutls: Replace with 3.8.1.
Date: Thu, 19 Oct 2023 22:17:41 +0200

Hi,

Christopher Baines <mail <at> cbaines.net> skribis:

> The recommended way to address GNUTLS-SA-2020-07-14 / CVE-2023-0361 is to
> upgrade to 3.8.0 or later.
>
> * gnu/packages/tls.scm (gnutls-3.8.1): New variable.
> (gnutls)[replacement]: Use it.

Surprisingly, ‘guix lint -c cve gnutls’ doesn’t report anything with
3.7.7 as currently packaged.

> +(define-public gnutls-3.8.1

Maybe add a comment here with the SA and CVE references.

Then, assuming the ABIs are compatible (which can be checked with
libabigail’s abidiff), LGTM.

Thanks,
Ludo’.
This bug report was last modified 1 year and 215 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.