Opened 10 years ago

Closed 7 years ago

#7542 closed defect (invalid)

Security issues in gnutls-2.2.1

Reported by: drkirkby Owned by: mvngu
Priority: critical Milestone: sage-duplicate/invalid/wontfix
Component: cryptography Keywords:
Cc: david.kirkby@… Merged in:
Authors: Reviewers: Jeroen Demeyer
Report Upstream: Reported upstream. Developers acknowledge bug. Work issues:
Branch: Commit:
Dependencies: Stopgaps:

Description

According to the Simon Josefsson, there are security issues with version 2.2.1.

"Unless you back-port security fixes to 2.2.x, you want to use the 2.8.x release to get proper security fixes."

There are two other issues with 2.2.1 I am aware of.

  • #7387 gnutls not building on OpenSolaris (x86)
  • #7511 gnutls-2.2.1 fails to build on HP-UX

I do not know exactly what the bug is, but I'm told there are security issues with this release.

I tried to create a .spkg from the latest release, but that failed to build on Solaris 10 (SPARC) so was worst than the older release, though the developers tell me it should be ok.

dave

Change History (2)

comment:1 Changed 10 years ago by drkirkby

  • Cc david.kirkby@… added

comment:2 Changed 7 years ago by jdemeyer

  • Milestone changed from sage-5.4 to sage-duplicate/invalid/wontfix
  • Resolution set to invalid
  • Reviewers set to Jeroen Demeyer
  • Status changed from new to closed

GNUTLS is no longer part of Sage.

Note: See TracTickets for help on using tickets.