[Bug 1326779] Re: libgnutls28 appears to not have been updated for CVE-2014-3466 in Trusty
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Jun 8 13:27:25 UTC 2015
subscribing ubuntu-security-sponsors as per:
https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue#Notes%20for%20Contributors
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnutls28 in Ubuntu.
https://bugs.launchpad.net/bugs/1326779
Title:
libgnutls28 appears to not have been updated for CVE-2014-3466 in
Trusty
Status in gnutls28 package in Ubuntu:
Triaged
Bug description:
Hi,
Although you've pushed out a patch for CVE-2014-3466 to libgnutls26 in
the current stable LTS Ubuntu release (Trusty) you've not pushed out a
corresponding patch for libgnutls28 (which is used by some packages).
Looking at the apt-cache policy output:
$ apt-cache policy libgnutls28
libgnutls28:
Installed: 3.2.11-2ubuntu1
Candidate: 3.2.11-2ubuntu1
Version table:
*** 3.2.11-2ubuntu1 0
500 http://archive.ubuntu.com/ubuntu/ trusty/universe amd64 Packages
100 /var/lib/dpkg/status
This would look like a vulnerable version according to the CVE report
(also launchpad shows this package as not having been updated since
the 5th of March).
http://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2014-3466
Can you please push out this patch asap, especially given that the
vulnerability has been widely publicised in the media as of yesterday?
Thanks,
Dr Owain Kenway
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1326779/+subscriptions
More information about the foundations-bugs
mailing list