Univention Bugzilla – Bug 40411
gnutls26: Multiple issues (4.0)
Last modified: 2016-02-05 14:35:16 CET
Upstream Debian package version 2.12.20-8+deb7u5 fixes the following issues: * fail to check the first byte of the padding in CBC modes (CVE-2015-8313) * SLOTH: Security Losses from Obsolete and Truncated Transcript Hashes (CVE-2015-7575)
repo_admin.py --cherrypick --release 4.1-0-0 -s errata4.1-0 --releasedest 4.0-0-0 --dest errata4.0-4 -p gnutls26 Advisory (gnutls26.yaml): r67033
OK: DEBIAN_FRONTEND=noninteractive aptitude -y install '?source-package(gnutls26)~i' # 2.12.20-8.29.201601280949 OK: UCS-4.0 < UCS-4.1 OK: apt-get install gnutls-bin OK: apt-get install libgnutls26-dbg OK: apt-get install gnutls26-doc OK: apt-get install libgnutls-openssl27 OK: apt-get install libgnutlsxx27 OK: apt-get install guile-gnutls # unmaintained=yes OK: apt-get install libgnutls-dev # unmaintained=yes OK: amd64 i386 OK: elinks http://google.de/ OK: gnutls-cli mail.univention.de -p submission -s --insecure OK: ldapsearch -H "ldap://$(ucr get ldap/master)" -b "$(ucr get ldap/base)" -D "$(ucr get ldap/hostdn)" -y /etc/machine.secret -ZZ -LLL uid=Administrator uid OK: zless /usr/share/doc/libgnutls26/changelog.Debian.gz OK: CVE-2015-8313 OK: CVE-2015-7575 FIXED: gnutls26.yaml r67096 OK: errata-announce -VVBB --only gnutls26.yaml
<http://errata.software-univention.de/ucs/4.0/398.html>