[gnutls-devel] GnuTLS 3.5.7 - any patches should I pick for Debian/stretch release?

Andreas Metzler ametzler at bebt.de
Sat Jan 28 18:33:57 CET 2017


On 2017-01-28 Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com> wrote:
[...]
> A bit late, but some more bug fixes you may be interested to are:

> IDNA2008 support: https://gitlab.com/gnutls/gnutls/merge_requests/240
> While it is a feature, on certain occasions sticking to IDNA2003 can be
> considered a vulnerability because of incompatibilities between the
> mappings of UTF-8 DNS names to ascii format [0]. That is a quite large
> bunch of patches, but in the long run  I think it is better to support
> IDNA2008 rather than sticking to IDNA2003 which may cause potential
> CVEs later.

> A fix on AVX detection to allow gnutls run on certain virtual systems:
> https://gitlab.com/gnutls/gnutls/commit/ef78a758cb899609d7eb4578017bc752272cb423
[...]

Thanks for the heads-up. Will definitily pull AVX fix. I will probably
hold back with IDNA 2008. It is a too big change to try to squeeze in
quickly.

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



More information about the Gnutls-devel mailing list