- 24. By Marc Deslauriers on 2014-03-03
* SECURITY UPDATE: certificate validation bypass
patches/CVE-2014-0092.patch: correct return codes in
- 23. By Marc Deslauriers on 2013-05-27
* SECURITY UPDATE: denial of service via incorrect pad
patches/CVE-2013-2116.patch: added sanity check in
gnutls_cipher.c.
- 22. By Marc Deslauriers on 2013-02-25
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
patches/CVE-2013-1619.patch: avoid timing attacks in
gnutls_cipher.c, lib/gnutls_hash_int.h.
- 21. By Tyler Hicks on 2012-04-04
* SECURITY UPDATE: Denial of service in client application
patches/CVE-2011-4128.patch: Fix buffer bounds check when copying
session data. Based on upstream patch.
* SECURITY UPDATE: Denial of service via crafted TLS record
patches/CVE-2012-1573.patch: Validate the size of a
kCipher structure as it is processed. Based on upstream
- 20. By Andreas Metzler <email address hidden> on 2009-11-13
Add a huge bunch of lintian overrides for the guile stuff to make dak
- 19. By Andreas Metzler <email address hidden> on 2009-11-01
.diff] Fix testsuite error. Closes: #552920
- 18. By Andreas Metzler <email address hidden> on 2009-09-26
* New upstream version.
+ Drop debian/patches/15_openpgp.diff.
* Sync priorities with override file, libgnutls26 has been bumped from
important to standard.
- 17. By Andreas Metzler <email address hidden> on 2009-08-22
patches/15_openpgp.diff ] The CVE-2009-2730 patch broke
- 16. By Andreas Metzler <email address hidden> on 2009-08-14
* New upstream version.
+ Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
was built against. Closes: #540449
+ Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
certificate name fields. Closes: #541439 GNUTLS-SA-2009-4
lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html
* Drop 15_chainverify_expiredcert.diff, included upstream.
* Urgency high, since 541439 applies to testing, too.
- 15. By Jamie Strandboge on 2009-08-14
* SECURITY UPDATE: fix improper handling of '\0' in Common Name (CN) and
Subject Alternative Name (SAN) in X.509 certificates (LP: #413136)
patches/16_CVE-2009-2730.diff: verify length of CN and SAN
are what we expect and error out if either contains an embedded \0
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: