Created by James Westby on 2009-07-08 and last modified on 2013-02-25
Get this branch:
bzr branch lp:ubuntu/hardy-security/gnutls13
Recent revisions

19. By Marc Deslauriers on 2013-02-25

* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - debian/patches/91_CVE-2013-1619.diff: avoid timing attacks in
    lib/gnutls_cipher.c, lib/gnutls_hash_int.h.
  - CVE-2013-1619

18. By Tyler Hicks on 2012-04-04

* SECURITY UPDATE: Denial of service in client application
  - debian/patches/CVE-2011-4128.patch: Fix buffer bounds check when copying
    session data. Based on upstream patch.
  - CVE-2011-4128
* SECURITY UPDATE: Denial of service via crafted TLS record
  - debian/patches/CVE-2012-1573.patch: Validate the size of a
    GenericBlockCipher structure as it is processed. Based on upstream
  - CVE-2012-1573

17. By Jamie Strandboge on 2009-08-14

* SECURITY UPDATE: fix improper handling of '\0' in Common Name (CN) and
  Subject Alternative Name (SAN) in X.509 certificates (LP: #413136)
  - debian/patches/91_CVE-2009-2730.diff: verify length of CN and SAN
    are what we expect and error out if either contains an embedded \0.
    This fix required updating _gnutls_hostname_compare() in
    lib/x509/rfc2818_hostname.c to support wide wildcard hostname matching.
    This is a backward-compatible change which only adds additional
    matching of hostnames.
  - CVE-2009-2730
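The class of check the CVE-2009-2730 entry describes, as an added illustration that is not GnuTLS code: a certificate name arrives from the DER decoder as a (pointer, length) pair, and a NUL-terminated comparison would silently stop at an embedded NUL and match only the prefix. The wildcard rule below (one leading "*." covering exactly one label) is a simplifying assumption for this example, not the exact GnuTLS matching rule.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* A DER-encoded name carries its own length; if a NUL byte occurs before
 * that length is exhausted, the name contains an embedded NUL and must be
 * rejected rather than compared with NUL-terminated string functions. */
static bool name_has_embedded_nul(const char *name, size_t len)
{
    return memchr(name, '\0', len) != NULL;
}

/* Case-insensitive match of `host` against a certificate name given with an
 * explicit length. Returns false for any name with an embedded NUL.
 * Assumption for this example: a leading "*." wildcard matches exactly one
 * label, so "*.example.com" matches "www.example.com" but not
 * "example.com" or "a.b.example.com". */
bool hostname_matches(const char *cert_name, size_t cert_len, const char *host)
{
    if (name_has_embedded_nul(cert_name, cert_len))
        return false;

    size_t host_len = strlen(host);

    if (cert_len >= 2 && cert_name[0] == '*' && cert_name[1] == '.') {
        /* Drop the first label of the host; what remains (starting at the
         * '.') must equal the certificate name minus its leading '*'. */
        const char *dot = strchr(host, '.');
        if (dot == NULL || dot == host)
            return false;
        size_t rest_len = host_len - (size_t)(dot - host);
        size_t suffix_len = cert_len - 1;
        return rest_len == suffix_len &&
               strncasecmp(dot, cert_name + 1, suffix_len) == 0;
    }

    /* Exact match: lengths must agree before the bytes are compared, so a
     * longer or shorter name cannot match on a common prefix. */
    return host_len == cert_len && strncasecmp(cert_name, host, cert_len) == 0;
}
```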

16. By Jamie Strandboge on 2008-12-05

* Fix for regression where some valid certificate chains would be untrusted
  - Update debian/patches/91_CVE-2008-4989.diff to check if last certificate
    is self-signed and prevent verifying self-signed certificates against
    themselves. Patch from upstream.
  - http://lists.gnu.org/archive/html/gnutls-devel/2008-12/msg00008.html
  - LP: #305264

15. By Jamie Strandboge on 2008-11-25

* SECURITY UPDATE: Fix for man-in-the-middle attack in certificate
  - debian/patches/91_CVE-2008-4989.diff: don't remove the last certificate
    if it is self-signed in lib/x509/verify.c
  - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215
  - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3248
  - CVE-2008-4989

14. By Kees Cook on 2008-05-20

* SECURITY UPDATE: multiple remote denial of service.
* debian/patches/90_GNUTLS-SA-2008-1.diff: upstream fixes, thanks to Debian.
* References
  CVE-2008-1948, CVE-2008-1949, CVE-2008-1950

13. By Steve Langasek on 2008-02-22

* Pulled from upstream, by way of Debian:
  + debian/patches/20_nulltermfix_465197.diff
    Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
    et al. to not null terminate binary strings and return the proper
  + debian/patches/21_nulltermfix_465197_part2.diff
    corrected string handling in parse_general_name.

12. By Martin Pitt on 2007-12-03

* Merge from debian unstable, remaining changes:
  - debian/rules: Use clean-la.mk.

11. By Martin Pitt on 2007-11-06

Use clean-la.mk to remove the dependencies from the .la files.

10. By Andreas Metzler on 2007-09-29

* New upstream version.
* Remove doc/*.info* on clean to allow building thrice in a row.
  (Closes: #441740)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)