On 04/07/2014 09:06 AM, Marcus Meissner wrote:
On Mon, Apr 07, 2014 at 08:39:58AM -0400, Hans Krueger wrote:
has this been fixed in suse ?
http://arstechnica.com/security/2014/03/critical-crypto-bug-leaves-linux-hun...
Yes, 1 month ago.
openSUSE issues: http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html
SLES updates are also listed there.
And just for completeness: Using: rpm -q --changelog gnutls | less will show you the changelog, for the current gnutls package it shows: * Mon Mar 03 2014 shchang@suse.com - Fixed bug [ bnc#865804] gnutls: CVE-2014-0092, insufficient X.509 certificate verification Add patch file: CVE-2014-0092.patch Enable elliptic curve and so ECDH support again to meet modern cryptographic requirements, removed gnutls-3.2.4-noecc.patch. and zypper info gnutls provides some information about the package and provides a best guess estimate from which repository the intalled package originated. Later, Robert -- Robert Schweikert MAY THE SOURCE BE WITH YOU SUSE-IBM Software Integration Center LINUX Tech Lead Public Cloud Architect rjschwei@suse.com rschweik@ca.ibm.com 781-464-8147 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org