Just to record my analysis of the debdiff: The changes are basically the same as the upstream commits, except for the PKCS#11 changes. This means that PKCS#11 certificates are still checked in full. I'm not sure where that would be used, but it is not a security problem (less is allowed than upstream, not more).
I have verified that xenial contains the same fixes by checking that _gnutls_check_if_same_key() exists there.
The changelog mentions trusty-updates, and does not close the bug report. I added (LP: #1722411)
as a final line and changed the distribution to trusty to match other uploads.
I'm building now, and will verify that the bug is fixed and upload afterwards.
Just to record my analysis of the debdiff: The changes are basically the same as the upstream commits, except for the PKCS#11 changes. This means that PKCS#11 certificates are still checked in full. I'm not sure where that would be used, but it is not a security problem (less is allowed than upstream, not more).
I have verified that xenial contains the same fixes by checking that _gnutls_ check_if_ same_key( ) exists there.
The changelog mentions trusty-updates, and does not close the bug report. I added (LP: #1722411)
as a final line and changed the distribution to trusty to match other uploads.
I'm building now, and will verify that the bug is fixed and upload afterwards.