Bugzilla – Bug 5852
Upgrade GnuTLS to latest version
Last modified: 2016-09-23 10:07:34
You need to
before you can comment on or make changes to this bug.
We're on 3.4.7 but 3.4.11 is available. No CVE has been issued since our last
GnuTLS has been upgraded from 3.4.7 to 3.5.1.
CVE:s fixed since 3.4.7:
File overwrite by setuid programs
Introduced in 3.4.12, fixed in 3.4.13 - we were never affected
I've verified that the http/https detection still works, and that Firefox and
Google Chrome are happy with the selected cryptos with tlstunnel on x86_64.
Mime-type property was lost on new tar-file. Added application-x/xz.
Verified commit and that Chavez is building with new libs. Tested with webadmin
and webaccess with 2048 and 4096 bit keys.