lp:ubuntu/karmic/gnutls26
- Get this branch:
- bzr branch lp:ubuntu/karmic/gnutls26
Branch information
Recent revisions
- 17. By Andreas Metzler <email address hidden>
-
[ debian/
patches/ 15_openpgp. diff ] The CVE-2009-2730 patch broke
openpgp connections. - 16. By Andreas Metzler <email address hidden>
-
* New upstream version.
+ Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
was built against. Closes: #540449
+ Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
certificate name fields. Closes: #541439 GNUTLS-SA-2009-4
http://lists.gnu. org/archive/ html/help- gnutls/ 2009-08/ msg00011. html
* Drop 15_chainverify_expiredcert. diff, included upstream.
* Urgency high, since 541439 applies to testing, too. - 15. By Jamie Strandboge
-
* SECURITY UPDATE: fix improper handling of '\0' in Common Name (CN) and
Subject Alternative Name (SAN) in X.509 certificates (LP: #413136)
- debian/patches/ 16_CVE- 2009-2730. diff: verify length of CN and SAN
are what we expect and error out if either contains an embedded \0
- CVE-2009-2730 - 14. By Andreas Metzler <email address hidden>
-
* use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1. so.
* New upstream security release.
+ libgnutls: Corrected double free on signature verification failure.
GNUTLS-SA-2009- 1 CVE-2009-1415
+ libgnutls: Fix DSA key generation. Noticed when investigating the
previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
2.6.x are corrupt. See the advisory for more details.
GNUTLS-SA-2009- 2 CVE-2009-1416
+ libgnutls: Check expiration/activation time on untrusted certificates.
Before the library did not check activation/expiration times on
certificates, and was documented as not doing so.
GNUTLS-SA-2009- 3 CVE-2009-1417
* The former two issues only apply to gnutls 2.6.x. The latter is a
brehavior change, add a NEWS.Debian file to document it. - 13. By Andreas Metzler <email address hidden>
-
* Sync sections in debian/control with override file. libgnutls26-dbg is
section debug, guile-gnutls is section lisp.
* New upstream version. (Needed for Libtasn1-3 2.0)
* New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private.
* Standards-Version: 3.8.1, no changes required. - 12. By Andreas Metzler <email address hidden>
-
* New patches, syncing with 2.4.3 upstream oldstable release:
+ 24_intermedcertificate. patch If a non-root certificate ist trusted
gnutls certificateificate verification stops there instead of checking
up to the root of the certificate chain.
+ 22_whitespace.patch - Whitespace only changes, to make it possible to
apply upstream fixes without manual changes.
+ 25_bufferoverrun.patch. Fix buffer overrun bug in
gnutls_x509_crt_ list_import.
http://news.gmane. org/find- root.php? message_ id=%3c000001c91 d6e%2463059c90% 242910d5b0% 24%40com% 3e - 11. By Andreas Metzler <email address hidden>
-
* Pull two patches from upstream stable branch to make gnutls behavior
match documentation:
+ patch 23_permit_v1_CA.diff: Accept v1 x509 CA
certs if GNUTLS_VERIFY_ ALLOW_ANY_ X509_V1_ CA_CRT and/or
GNUTLS_VERIFY_ ALLOW_X509_ V1_CA_CRT were supplied. Closes: #509593
+ 22_deprecate_md2_md5_ x509_validation .diff: Verifying untrusted X.509
certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
GNUTLS_CERT_INSECURE_ ALGORITHM verification output. - 10. By Andreas Metzler <email address hidden>
-
* Add Simon Josefsson to uploaders.
* Another fix for the verification fix. Some correct certificate chains were
not recognized as verified. Closes: #507633 - 9. By Andreas Metzler <email address hidden>
-
Fix a crash on trying to verify self-signed certificates introduced by the
patch for CVE-2008-4989. Closes: #505279 - 8. By Andreas Metzler <email address hidden>
-
[CVE-2008-
4989.diff] Fix man in the middle attack for certificate
verification. CVE-2008-4989 GNUTLS-SA-2008-3
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/gnutls26