Created by James Westby on 2009-07-08 and last modified on 2009-07-08
Get this branch:
bzr branch lp:ubuntu/gutsy-updates/gnutls13

Recent revisions

12. By Jamie Strandboge on 2008-12-05

* Fix for regression where some valid certificate chains would be untrusted
  - Update debian/patches/91_CVE-2008-4989.diff to check if last certificate
    is self-signed and prevent verifying self-signed certificates against
    themselves. Patch from upstream.
  - http://lists.gnu.org/archive/html/gnutls-devel/2008-12/msg00008.html
  - LP: #305264

11. By Jamie Strandboge on 2008-11-25

* SECURITY UPDATE: Fix for man-in-the-middle attack in certificate
  - debian/patches/91_CVE-2008-4989.diff: don't remove the last certificate
    if it is self-signed in lib/x509/verify.c
  - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215
  - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3248
  - CVE-2008-4989

10. By Kees Cook on 2008-05-20

* SECURITY UPDATE: multiple remote denial of service.
* debian/patches/90_GNUTLS-SA-2008-1.diff: upstream fixes, thanks to Debian.
* References
  CVE-2008-1948, CVE-2008-1949, CVE-2008-1950

9. By LaMont Jones on 2007-10-02

Trigger rebuild for hppa.

8. By Andreas Metzler on 2007-05-27

* New upstream version, pulling selected fixes and features from 1.7.x.
* Bump shlibs.

7. By Andreas Metzler on 2007-05-13

Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)

6. By Andreas Metzler on 2007-04-21

* New upstream version
  - Really Closes: #403887 libgnutls fails to parse OpenSSL generated
    certificates, since it contains a regenerated pkix_asn1_tab.c.
  - Ship German translation. Closes: #392857

5. By Matthias Klose on 2007-03-05

Rebuild for changes in the amd64 toolchain.

4. By Andreas Metzler on 2006-11-11

Pulled /patches/18_negotiate_cypher.diff from 1.4.5:
When a GnuTLS server receives an SSLv2 Client Hello for an unknown TLS
version, try to negotiate the highest version supported by the GnuTLS
server, instead of the lowest.

3. By Martin Pitt on 2006-09-18

* SECURITY UPDATE: Signature forgery.
* Add debian/patches/00CVS_CVE-2006-4790.patch:
  - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent
    applications from incorrectly verifying the certificate. (Similar to
    recent OpenSSL update.)
  - Patch taken from upstream CVS:
  - CVE-2006-4790

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.