Comment 5 for bug 1722411

Just to record my analysis of the debdiff: The changes are basically the same as the upstream commits, except for the PKCS#11 changes. This means that PKCS#11 certificates are still checked in full. I'm not sure where that would be used, but it is not a security problem (less is allowed than upstream, not more).

I have verified that xenial contains the same fixes by checking that _gnutls_check_if_same_key() exists there.

The changelog mentions trusty-updates, and does not close the bug report. I added (LP: #1722411)
as a final line and changed the distribution to trusty to match other uploads.

I'm building now, and will verify that the bug is fixed and upload afterwards.