Bugzilla – Bug 932026
VUL-0: gnutls: The Logjam Attack / weakdh.org
Last modified: 2015-09-22 11:26:12 UTC
+++ This bug was initially created as a clone of Bug #931600 +++

This is the gnutls tracking bug for Logjam.
bugbot adjusting priority
The upstream discussion is at
http://lists.gnutls.org/pipermail/gnutls-devel/2015-May/007597.html

The default in HEAD seems to be 1008. Look at gnutls_dh_set_prime_bits which may allow downgrades. There does not seem to be an upstream change.
The default on SLE-12 for NORMAL security level is 767. SLE 10 and 11 default (for NORMAL) to 727, but the command line tool hardcodes 512 as the minimum. I'll change gnutls-cli to use the default limit. Is the default otherwise acceptable, or should we go higher like we did with openssl?
We can bump the gnutls cli limit to the default limit. I would not go higher right now.
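The comments above turn on the smallest Diffie-Hellman prime a client will accept. As an added example (not gnutls code and not part of this bug report), the C below reads the size of dh_p from a ServerDHParams structure as laid out in RFC 5246 section 7.4.3 and compares it with a configurable minimum. The function names and the sample message are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit length of a big-endian integer, ignoring leading zero bytes and bits. */
static int be_bit_length(const uint8_t *p, size_t len)
{
    while (len > 0 && *p == 0) { p++; len--; }
    int bits = (int)(len * 8);
    for (uint8_t m = 0x80; len > 0 && !(*p & m); m >>= 1) bits--;
    return bits;
}

/* dh_p, dh_g, dh_Ys: each a 2-byte length plus value. Returns bits of dh_p, or -1 if malformed. */
int dh_params_prime_bits(const uint8_t *buf, size_t len)
{
    int prime_bits = -1;
    for (int field = 0; field < 3; field++) {
        if (len < 2) return -1;
        size_t n = ((size_t)buf[0] << 8) | buf[1];
        buf += 2; len -= 2;
        if (n == 0 || n > len) return -1;   /* empty or truncated field */
        if (field == 0) prime_bits = be_bit_length(buf, n);
        buf += n; len -= n;
    }
    return prime_bits;
}

/* 1 if dh_p meets the client's minimum; 0 if it is too small or the input is malformed. */
int dh_prime_acceptable(const uint8_t *buf, size_t len, int min_bits)
{
    return min_bits >= 0 && dh_params_prime_bits(buf, len) >= min_bits;
}

/* Constructed sample, not captured traffic: filler dh_p (not a real prime), dh_g = 2, dh_Ys = 5. */
size_t make_sample(uint8_t *out, size_t prime_bytes)
{
    size_t i = 0;
    out[i++] = (uint8_t)(prime_bytes >> 8); out[i++] = (uint8_t)prime_bytes;
    for (size_t k = 0; k < prime_bytes; k++) out[i++] = 0xFB;
    out[i++] = 0; out[i++] = 1; out[i++] = 2; out[i++] = 0; out[i++] = 1; out[i++] = 5;
    return i;
}

int main(void)
{
    uint8_t msg[80];
    size_t n = make_sample(msg, 64);   /* 512-bit dh_p, the export-grade size */
    printf("bits=%d ok@512=%d ok@767=%d\n", dh_params_prime_bits(msg, n),
           dh_prime_acceptable(msg, n, 512), dh_prime_acceptable(msg, n, 767));
    return 0;
}
```

With the 512 minimum that the old command line tool hardcoded, the 512-bit sample is accepted; with the 727, 767 or 1008 limits quoted in the comments it is rejected.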
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-08-18.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62242
SUSE-SU-2015:1526-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 925499,932026
CVE References: CVE-2015-4000
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): gnutls-2.4.1-24.39.57.1
SUSE Linux Enterprise Software Development Kit 11-SP3 (src): gnutls-2.4.1-24.39.57.1
SUSE Linux Enterprise Server for VMWare 11-SP3 (src): gnutls-2.4.1-24.39.57.1
SUSE Linux Enterprise Server 11-SP4 (src): gnutls-2.4.1-24.39.57.1
SUSE Linux Enterprise Server 11-SP3 (src): gnutls-2.4.1-24.39.57.1
SUSE Linux Enterprise High Availability Extension 11-SP4 (src): gnutls-2.4.1-24.39.57.1
SUSE Linux Enterprise High Availability Extension 11-SP3 (src): gnutls-2.4.1-24.39.57.1
SUSE Linux Enterprise Desktop 11-SP4 (src): gnutls-2.4.1-24.39.57.1
SUSE Linux Enterprise Desktop 11-SP3 (src): gnutls-2.4.1-24.39.57.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): gnutls-2.4.1-24.39.57.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src): gnutls-2.4.1-24.39.57.1
released