From ${URL} : A vulnerability was discovered in gnutls that affects certificate verification when GnuTLS is used in combination with the p11-kit trust module. This issue affects gnutls 3.3.23, 3.4.12 and later versions. External References: http://gnutls.org/security.html#GNUTLS-SA-2016-2 @maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
Can be stabilize.
amd64 stable
x86 stable
Stable for HPPA PPC64.
Stable on alpha.
arm stable
sparc stable
ppc stable 3.3.24-r1 in another bug
(In reply to Agostino Sarubbo from comment #8) > ppc stable 3.3.24-r1 in another bug same for ia64
Cleaned up.
@ Maintainer(s): Can you confirm that Gentoo did not build gnutls with "--with-default-trust-store-pkcs11"?
(In reply to Thomas Deutschmann from comment #11) > @ Maintainer(s): Can you confirm that Gentoo did not build gnutls with > "--with-default-trust-store-pkcs11"? We have never explicitly enabled that, and based on what I see from source it is not enabled by default.
(In reply to Alon Bar-Lev from comment #12) > We have never explicitly enabled that, and based on what I see from source > it is not enabled by default. Thanks. I came to the same conclusion. Therefore, lowering rating to B3. GLSA Vote: No All done, tree is clean.