lp:ubuntu/precise-security/gnutls26
- Get this branch:
- bzr branch lp:ubuntu/precise-security/gnutls26
Branch merges
Branch information
Recent revisions
- 44. By Marc Deslauriers
-
debian/
patches/ compare_ ca_name_ and_key. patch: when comparing a CA
certificate with the trusted list compare the name and key. This will
allow the future removal of 1024-bit RSA keys from the ca-certificates
package. - 43. By Marc Deslauriers
-
* SECURITY UPDATE: incorrect RSA+MD5 support with TLS 1.2
- debian/patches/ CVE-2015- 7575.patch: do not consider any values from
the extension data to decide acceptable algorithms in
lib/ext_signature. c.
- CVE-2015-7575 - 42. By Bryan Quigley
-
* SECURITY UPDATE: Poodle TLS issue
- debian/patches/ fix_tls_ poodle. patch: fixes off by one
issue in padding check.
Patch created by Hanno Boeck (https://hboeck. de/)
(LP: #1510163) - 41. By Marc Deslauriers
-
* SECURITY UPDATE: signature forgery issue
- debian/patches/ CVE-2015- 0282.patch: make sure the signature
algorithms match in lib/gnutls_algorithms. c, lib/gnutls_ algorithms. h,
lib/gnutls_ pubkey. c, lib/gnutls_sig.c, lib/x509/common.h,
lib/x509/crq.c, lib/x509/privkey.c, lib/x509/verify.c,
lib/x509/x509. c, lib/x509/ x509_int. h.
- CVE-2015-0282
* SECURITY UPDATE: certificate algorithm consistency issue
- debian/patches/ CVE-2015- 0294.patch: make sure the two signature
algorithms match on cert import in lib/x509/x509.c.
- CVE-2015-0294 - 40. By Marc Deslauriers
-
* SECURITY UPDATE: memory corruption due to server hello parsing
- debian/patches/ CVE-2014- 3466.patch: validate session_id_len in
lib/gnutls_ handshake. c.
- CVE-2014-3466 - 39. By Marc Deslauriers
-
* SECURITY UPDATE: certificate validation bypass
- debian/patches/ CVE-2014- 0092.patch: correct return codes in
lib/x509/verify. c.
- CVE-2014-0092 - 38. By Marc Deslauriers
-
* SECURITY UPDATE: incorrect v1 intermediate cert handling
- debian/patches/ CVE-2014- 1959.patch: don't consider a v1 intermediate
cert to be a valid CA by default in lib/x509/verify.c.
- CVE-2014-1959 - 37. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via incorrect pad
- debian/patches/ CVE-2013- 2116.patch: added sanity check in
lib/gnutls_ cipher. c.
- CVE-2013-2116 - 36. By Marc Deslauriers
-
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
- debian/patches/ CVE-2013- 1619.patch: avoid timing attacks in
lib/gnutls_ cipher. c, lib/gnutls_ hash_int. h.
- CVE-2013-1619 - 35. By Tyler Hicks
-
* SECURITY UPDATE: Denial of service via crafted TLS record (LP: #978661)
- debian/patches/ CVE-2012- 1573.patch: Validate the size of a
GenericBlockCipher structure as it is processed. Based on upstream
patch.
- CVE-2012-1573
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/raring/gnutls26