This bug was fixed in the package gnutls28 - 3.5.17-1ubuntu1 --------------- gnutls28 (3.5.17-1ubuntu1) bionic; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/disable_global_init_override_test.patch: disable failing test. - debian/patches/add-openssl-test-link.patch: add link for libssl * Build with --with-included-unistring for now as our libunistring is too old and needs a transition. gnutls28 (3.5.17-1) unstable; urgency=low * New upstream version. + When verifying against a self signed certificate ignore issuer. That is, ignore issuer when checking the issuer's parameters strength, resolving issue #347 which caused self signed certificates to be additionally marked as of insufficient security level. Closes: #885127 gnutls28 (3.5.16-1) unstable; urgency=medium * New upstream version. + Fixes interoperability issue with openssl when safe renegotiation was used. Closes: #873055 * 35_modernize_gtkdoc.diff from upstream GIT master: Modernize gtk-doc support. Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am from gtk-doc git head (that is 1.26 + c08cc78562c59082fc83b55b58747177510b7a70). Disable gtkdoc-check. Closes: #876587 gnutls28 (3.5.15-2) unstable; urgency=medium * Upload to unstable. gnutls28 (3.5.15-1) experimental; urgency=medium * New upstream version. Drop unneeded patches. (31_arm64ilp32-unaccelerated.patch 35_record-added-sanity-checking-in-the-record-layer-ver.patch 36_parse_pem_cert_mem-fixed-issue-resulting-to-accessin.patch) gnutls28 (3.5.14-3) unstable; urgency=low * 35_record-added-sanity-checking-in-the-record-layer-ver.patch from upstream gnutls_3_5_x branch: Prevent crash on calling gnutls_bye() on an already terminated or deinitialized session. Closes: #867303 * 36_parse_pem_cert_mem-fixed-issue-resulting-to-accessin.patch from upstream gnutls_3_5_x branch: parse_pem_cert_mem: fixed issue resulting to accessing past the input data. * 31_arm64ilp32-unaccelerated.patch by Wookey: Disable assembly code on arm64ilp32 to fix FTBFS. Closes: #872454 * Use /usr/share/dpkg/pkg-info.mk instead of dpkg-parsechangelog, except for the compatibility code for setting SOURCE_DATE_EPOCH with dpkg << 1.18.8. * Standards-Version 4.0.1, update priorities (extra->optional). gnutls28 (3.5.14-2) unstable; urgency=medium * Upload to unstable. gnutls28 (3.5.14-1) experimental; urgency=low [ Dan Nicholson ] * Build with --disable-rpath. Closes: #865674 [ Andreas Metzler ] * New upstream version. * Build against external libunistring. gnutls28 (3.5.13-2) unstable; urgency=medium * Upload to unstable, merge changelogs. gnutls28 (3.5.13-1) experimental; urgency=low * New upstream version. + Drop 35_test-corrected-typo-preventing-the-run-of-openpgp-te.patch. + Fixes GNUTLS-SA-2017-4/CVE-2017-7507 - Crash due to a null pointer dereference. #864560 gnutls28 (3.5.12-2) experimental; urgency=medium * 35_test-corrected-typo-preventing-the-run-of-openpgp-te.patch: Correct typo preventing the run of openpgp test. * Stop disabling heartbeat support. Closes: #861193 gnutls28 (3.5.12-1) experimental; urgency=medium * New upstream version. * Bump dep info on gnutls_session_ext_register. gnutls28 (3.5.11-1) experimental; urgency=medium * New upstream version. * gnutls.pc: do not include libtool options into Libs.private. Closes: #857943 * gnutls.pc does not refer to e.g. zlib in *both* Requires.private and Libs.private. (LP: #1660915) * OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority, which includes TLS1.2 support. Closes: #857436 * Add b-d on ca-certificates, needed for trust-store check. gnutls28 (3.5.10-1) experimental; urgency=medium * New upstream version. + gnutls.pc: do not include libidn2 in Requires.private. Closes: #855888 + Includes fixes for GNUTLS-SA-2017-3[ABC]. + Bump info for gnutls_store_commitment, gnutls_ocsp_resp_verify_direct and gnutls_ocsp_resp_verify which now accept (more) flags. gnutls28 (3.5.9-1) experimental; urgency=medium * New upstream version. + Drop debian/patches/35_0*. + Update symbol file, adding gnutls_idna_map and gnutls_idna_reverse_map. * Build with IDNA 2008 support, b-d on libidn2-0-dev instead of libidn11-dev. -- Julian Andres Klode