lp:ubuntu/jaunty-security/gnutls26
- Get this branch:
- bzr branch lp:ubuntu/jaunty-security/gnutls26
Recent revisions
- 13. By Jamie Strandboge
-
* SECURITY UPDATE: fix improper handling of '\0' in Common Name (CN) and
Subject Alternative Name (SAN) in X.509 certificates (LP: #413136)
- debian/patches/26_CVE-2009-2730.diff: verify length of CN and SAN
are what we expect and error out if either contains an embedded \0
- CVE-2009-2730
- 12. By Andreas Metzler <email address hidden>
-
* New patches, syncing with 2.4.3 upstream oldstable release:
+ 24_intermedcertificate.patch If a non-root certificate is trusted
gnutls certificate verification stops there instead of checking
up to the root of the certificate chain.
+ 22_whitespace.patch - Whitespace only changes, to make it possible to
apply upstream fixes without manual changes.
+ 25_bufferoverrun.patch. Fix buffer overrun bug in
gnutls_x509_crt_list_import.
http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e
- 11. By Andreas Metzler <email address hidden>
-
* Pull two patches from upstream stable branch to make gnutls behavior
match documentation:
+ patch 23_permit_v1_CA.diff: Accept v1 x509 CA
certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593
+ 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509
certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
GNUTLS_CERT_INSECURE_ALGORITHM verification output.
- 10. By Andreas Metzler <email address hidden>
-
* Add Simon Josefsson to uploaders.
* Another fix for the verification fix. Some correct certificate chains were
not recognized as verified. Closes: #507633
- 9. By Andreas Metzler <email address hidden>
-
Fix a crash on trying to verify self-signed certificates introduced by the
patch for CVE-2008-4989. Closes: #505279
- 8. By Andreas Metzler <email address hidden>
-
[CVE-2008-4989.diff] Fix man in the middle attack for certificate
verification. CVE-2008-4989 GNUTLS-SA-2008-3
- 7. By Andreas Metzler <email address hidden>
-
* New upstream bugfix release.
* Up to date gnutls-cli manpage. Closes: #492775
- 5. By Andreas Metzler <email address hidden>
-
New upstream version, fixing a local denial of service vulnerability only
present in >= 2.3.5. GNUTLS-SA-2008-2 CVE-2008-2377
- 4. By Andreas Metzler <email address hidden>
-
* Standards version 3.8.0. Rename README.source_and_patches to README.source.
* Upload to unstable.
* Point watchfile to stable releases again.
* Merge experimental and unstable changelog.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/gnutls26