Comment 15 for bug 305264

This bug was fixed in the package gnutls13 - 2.0.4-1ubuntu2.3

---------------
gnutls13 (2.0.4-1ubuntu2.3) hardy-security; urgency=low

  * Fix for regression where some valid certificate chains would be untrusted
    - Update debian/patches/91_CVE-2008-4989.diff to check if last certificate
      is self-signed and prevent verifying self-signed certificates against
      themselves. Patch from upstream.
    - http://lists.gnu.org/archive/html/gnutls-devel/2008-12/msg00008.html
    - LP: #305264

 -- Jamie Strandboge <email address hidden> Fri, 05 Dec 2008 14:47:31 -0600