Ticket #7542 (closed defect: invalid)

Opened 3 years ago

Last modified 8 months ago

Security issues in gnutls-2.2.1

Reported by: drkirkby Owned by: mvngu
Priority: critical Milestone: sage-duplicate/invalid/wontfix
Component: cryptography Keywords:
Cc: david.kirkby@… Work issues:
Report Upstream: Reported upstream. Developers acknowledge bug. Reviewers: Jeroen Demeyer
Authors: Merged in:
Dependencies: Stopgaps:

Description

According to the Simon Josefsson, there are security issues with version 2.2.1.

"Unless you back-port security fixes to 2.2.x, you want to use the 2.8.x release to get proper security fixes."

There are two other issues with 2.2.1 I am aware of.

  • #7387 gnutls not building on OpenSolaris (x86)
  • #7511 gnutls-2.2.1 fails to build on HP-UX

I do not know exactly what the bug is, but I'm told there are security issues with this release.

I tried to create a .spkg from the latest release, but that failed to build on Solaris 10 (SPARC) so was worst than the older release, though the developers tell me it should be ok.

dave

Change History

comment:1 Changed 3 years ago by drkirkby

  • Cc david.kirkby@… added

comment:2 Changed 8 months ago by jdemeyer

  • Status changed from new to closed
  • Reviewers set to Jeroen Demeyer
  • Resolution set to invalid
  • Milestone changed from sage-5.4 to sage-duplicate/invalid/wontfix

GNUTLS is no longer part of Sage.

Note: See TracTickets for help on using tickets.