GNUTLS just posted a security advisory which needs a CVE:
Denial of service
This vulnerability affects the DANE library of gnutls 3.1.x and gnutls
3.2.x. A server that returns more than 4 DANE entries could corrupt the memory
of a requesting client. Recommendation: Upgrade to the latest gnutls
version (3.1.15 or 3.2.5)
Commit for 3.1:
Commit for 3.2:
gnutls-3.2.5 in tree
(In reply to Alon Bar-Lev from comment #1)
> gnutls-3.2.5 in tree
Thanks, clean up old vuln. versions, please.
(In reply to Mikle Kolyada from comment #2)
> (In reply to Alon Bar-Lev from comment #1)
> > gnutls-3.2.5 in tree
> Thanks, clean up old vuln. versions, please.
This is a non-stable package, and the changes since the last one are not trivial; we should allow people to revert.
The fact that it's unstable means that there is the possibility of breakage. Leave it for a little while if you want, but the old versions do need to go.
(In reply to Alon Bar-Lev from comment #3)
> This is a non-stable package, and the changes since the last one are not
> trivial; we should allow people to revert.
To clarify: we want 3.2.3 and 3.2.4 to go from the tree, not 2.x.
<3.2.5 seems to be gone from tree, closing.