Originally Posted by volkerdi
Slackware 12.1 - 13.0 already had an upgrade to gnutls-2.8.4 to fix previous issues, so those would be the versions to patch there.
This turned out to be a lot more work than I bargained for. But, it's for a great distrib and I sorta offered, so...I rolled up my sleeves and
here it is.
contains patchsets for GnuTLS 2.8.4, GnuTLS 2.8.6, and GnuTLS 2.10.5 which address:
GnuTLS 2.8.4 GnuTLS 2.8.6 GnuTLS 2.10.5
------------ ------------ -------------
CVE-2009-3555 X X
CVE-2011-4128 X X X
CVE-2012-1569 X X X
CVE-2012-1573 X X X
CVE-2013-1619 X X X
CVE-2013-2116 X X X
After their application, all publicly-disclosed GnuTLS vulnerabilities still outstanding in five Slackware versions (12.1-13.37) will be patched.
Slackware 14.0 & current are already OK.
take a look at the README first; It contains important info.
The signature (gnutls-cve-backports.tar.bz2.sig
) was made with this key:
PGP: 0x25168EB24F0B22AC 56B7 100E F4D5 811C 8FEF ADD1 2516 8EB2 4F0B 22AC