DSA-1935-1

Name	DSA-1935-1
Source	Debian
Description	gnutls13 gnutls26 - SSL certificate
References	CVE-2009-2409, CVE-2009-2730
Debian/oldstable	package gnutls13 is fixed in oldstable-security.
Debian/stable	not vulnerable
Debian/testing	not known to be vulnerable
Debian/unstable	not known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
gnutls13 (PTS)	etch	1.4.4-3+etch4	vulnerable
	etch (security)	1.4.4-3+etch5	fixed
gnutls26 (PTS)	lenny, lenny (security)	2.4.2-6+lenny2	fixed

The next table lists affected binary packages.

Binary Package	Release	Version	Status	Architecures
gnutls-bin, libgnutls-dev, libgnutls13, libgnutls13-dbg	etch	1.4.4-3+etch4	vulnerable	alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
	etch (security)	1.4.4-3+etch5	fixed	alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
gnutls-bin, libgnutls-dev, libgnutls26, libgnutls26-dbg	lenny, lenny (security)	2.4.2-6+lenny2	fixed	alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
gnutls-doc	etch	1.4.4-3+etch4	vulnerable	all
	etch (security)	1.4.4-3+etch5	fixed	all
	lenny, lenny (security)	2.4.2-6+lenny2	fixed	all
guile-gnutls	lenny, lenny (security)	2.4.2-6+lenny2	fixed	alpha, amd64, arm, armel, hppa, i386, mips, mipsel, powerpc, s390, sparc

The information above is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
gnutls13	source	etch	1.4.4-3+etch5	unknown
gnutls26	source	lenny	2.4.2-6+lenny2	unknown

Home - Testing Security Team - Debian Security - Imprint