OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection. Reference: http://www.infradead.org/openconnect/changelog.html
That's very old. We don't actually ship OpenConnect 5.02 anywhere any more, do we? Is this merely a security housekeeping exercise to explicity mark that CVE as fixed?
@dwmw2, Yes for both questions, you can close this bug as NOTABUG.