Closed pasis closed 3 years ago
Ubuntu 20.04 with gnutls 3.6.13 doesn't report the issue.
This is an issue inside GnuTLS ... seems like Ubuntu gave up on maintaining this package pretty early if they stopped at 3.4.10 ... the latest version of the 3.4 series is 3.4.17 ... Debian seems to have packaged until 3.4.14 ...
This GnuTLS version is nearly 5 years old and 16.04 is out of the regular maintenance updates and will only receive updates if you're a paying customer ... IMO either we find a paying customer to report this to Canonical or we can ignore this.
@ueno are you aware of this issue?
@ametzler highlighting you here only FYI, as you're the maintainer of https://salsa.debian.org/gnutls-team/gnutls IIUC
@nmav highlighting you here as you were GnuTLS maintainer at the time this version was released and you're now at Canonical :)
@sjaeckel: Please do not mistake "stopped at version x" for "gave up on maintaining". See https://www.debian.org/security/faq.en.html#oldversion Debian 9 (stretch) is not supported directly by the Debian (and its security team) anymore https://lists.debian.org/debian-announce/2020/msg00004.html The Debian LTS project might provide an update though. Did you bisect this?
Please do not mistake "stopped at version x" for "gave up on maintaining".
Definitely not :)
Did you bisect this?
Sorry, no I didn't investigate further than checking the versions.
I wasn't aware, but the offending code has been removed as part of this change, backported to the 3.5 branch during the 3.6 development cycle. Therefore I believe it's no longer applicable to any maintained gnutls releases in upstream.
Thank you all for update! I've changed Ubuntu version to 20.04 in the travis config. Closing this issue.
This issue is reproducible on Ubuntu 16.04 32bit and not reproducible on latest Gentoo 64bit.
gnutls version in Ubuntu: 3.4.10