How do I force my Debian system to update GnuTLS?

Question

After the news broke that GnuTLS is broken

hacker news | arstechnica

I would like to know how to find out if my system(s) Debian 7.1 Stable & Debian 7.1 Testing are safe and more specifically how to update & upgrade them. There are many tools that I use on a daily basis...

I used this >

sudo apt-cache --installed rdepends libgnutls26 libgnutls28 libcurl3-gnutls

and found literally dozens of dependencies >

libgnutls26
Reverse Depends:
  libgtk-3-0
  cinnamon-settings-daemon
  libavformat55
  libavformat54
  libxmlsec1-gnutls
  libwireshark3
  samba-libs
  rtmpdump
  librtmp0
  python-pycurl
  libldap-2.4-2
  ntfs-3g
  network-manager
  libnm-util2
  libnm-glib4
  libnm-glib-vpn1
  libneon27-gnutls
  mutt
  libimobiledevice4
  libgcrypt11
  libavformat54
  printer-driver-gutenprint
  libgtk-3-0
  libgtk2.0-0
  gstreamer1.0-plugins-bad
  libgnutlsxx27
  libgnutls-openssl27
  libgnutls-dev
  libgnustep-base1.22
  gnomint
  libgnomevfs2-0
  glib-networking
  libgs9
  exim4-daemon-light
  libcurl3-gnutls
  libcupsfilters1
  libcups2
  cups-daemon
  printer-driver-c2esp
libgnutls28
Reverse Depends:
  vlc-nox
  wget
  vlc-nox
libcurl3-gnutls
Reverse Depends:
  virtualbox-4.2
  flashplugin-nonfree
  libraptor2-0
  python-pycurl
  libreoffice-core
  libquvi7
  liboauth0
  libcmis-0.3-3
  jp2a
  gstreamer1.0-plugins-bad
  gstreamer0.10-plugins-bad
  gnupg2
  gnash-common
  git

Answer 1

I applied a patch today with this description:

gnutls26 (2.12.20-8+deb7u1) wheezy-security; urgency=high

  * 38_CVE-2014-0092.diff by Nikos Mavrogiannopoulos: Fix certificate
    validation issue. CVE-2014-0092

 -- Andreas Metzler <ametzler@debian.org>  Sat, 01 Mar 2014 07:44:51 +0100

Assuming this is the vulnerability you're talking about, if you just apply the latest update from the wheezy-security repo, you'll be safe.

Answer 2

You can update the package with commands something below:

apt-get update; apt-cache policy libgnutls26
apt-get update; apt-cache policy libgnutls27

You can check with the command below which packages depend/use the gnutls package:

lsof | grep gnutls

After the update of gnutls you should restart the applications that use gnutls to make sure the update has been effective.