ubuntu/+source/gnutls26:applied/ubuntu/lucid-security

Last commit made on 2015-03-23
Get this branch:
git clone -b applied/ubuntu/lucid-security https://git.launchpad.net/ubuntu/+source/gnutls26
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/lucid-security
Repository:
lp:ubuntu/+source/gnutls26

Recent commits

0348d26... by Marc Deslauriers on 2015-03-20

Import patches-applied version 2.8.5-2ubuntu0.7 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 7da4ba3acb6e2ce84410e36f97b57f1c36b90b8d
Unapplied parent: eeaf66a09392acedd301bf88f4db8a897e24c48d

New changelog entries:
  * SECURITY UPDATE: signature forgery issue
    - debian/patches/CVE-2015-0282.patch: make sure the signature
      algorithms match in lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
      lib/x509/privkey.c, lib/x509/verify.c, lib/x509/x509.c,
      lib/x509/x509_int.h.
    - CVE-2015-0282
  * SECURITY UPDATE: certificate algorithm consistency issue
    - debian/patches/CVE-2015-0294.patch: make sure the two signature
      algorithms match on cert import in lib/x509/x509.c.
    - CVE-2015-0294
  * SECURITY UPDATE: missing date/time checks on CA certificates
    - debian/patches/CVE-2014-8155.patch: perform time verification on
      trusted certificate list in lib/includes/gnutls/x509.h,
      lib/x509/verify.c.
    - CVE-2014-8155

eeaf66a... by Marc Deslauriers on 2015-03-20

[PATCH] Extended time verification to trusted certificate list as well. Introduced the flag GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS that will prevent the trusted certificate list verification.

Gbp-Pq: CVE-2014-8155.patch.

32ded42... by Marc Deslauriers on 2015-03-20

fix signature forgery issue

Gbp-Pq: CVE-2015-0282.patch.

ad130fc... by Marc Deslauriers on 2015-03-20

[PATCH] added fix for certificate algorithm consistency check

Gbp-Pq: CVE-2015-0294.patch.

7cd97fa... by Marc Deslauriers on 2015-03-20

[PATCH] Prevent memory corruption due to server hello parsing.

Gbp-Pq: CVE-2014-3466.patch.

e0569a7... by Marc Deslauriers on 2015-03-20

fix certificate validation bypass

Gbp-Pq: CVE-2014-0092.patch.

5fd4453... by Marc Deslauriers on 2015-03-20

[PATCH] re-applied sanity check patch

Gbp-Pq: CVE-2013-2116.patch.

c2891a3... by Marc Deslauriers on 2015-03-20

fix "Lucky Thirteen" timing side-channel TLS attack

Gbp-Pq: CVE-2013-1619.patch.

fc42abd... by Marc Deslauriers on 2015-03-20

certhash.diff

No DEP3 Subject or Description header found

Gbp-Pq: certhash.diff.

35c2999... by Marc Deslauriers on 2015-03-20

Validate record size when parsing GenericBlockCipher structure

Gbp-Pq: CVE-2012-1573.patch.