I'm not quite sure about the current GnuTLS scare (see https://anarc.at/blog/2020-06-10-gnutls-audit/).
Yes, it's a nasty bug, but it's server-side. You're affected when talking to a server that makes use of TLS session tickets and relies on the implementation in GnuTLS. It doesn't matter if tons of client software use the library. I'd be surprised if session tickets get much use outside of https, so even server software like exim might be unaffected in practice.
GnuTLS advisory: https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
Well ok, it's last month's GnuTLS scare really. I hate blog posts without timestamps (yes it's visible in the URL, but I didn't really notice until re-reading my post 🙄 )...
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!