ubuntu/+source/gnutls26:ubuntu/precise-updates

Last commit made on 2017-03-20
Get this branch:
git clone -b ubuntu/precise-updates https://git.launchpad.net/ubuntu/+source/gnutls26

Branch information

Name: ubuntu/precise-updates
Repository: lp:ubuntu/+source/gnutls26

Recent commits

8d14401... by Marc Deslauriers on 2017-03-15

Import patches-unapplied version 2.12.14-5ubuntu3.14 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: e82d47b9abbc0b2dda2857ae6f29d6b35bb14c3c

New changelog entries:
  * SECURITY UPDATE: denial of service via warning alerts
    - debian/patches/CVE-2016-8610.patch: set a maximum number of warning
      messages in lib/gnutls_int.h, lib/gnutls_handshake.c,
      lib/gnutls_state.c.
    - CVE-2016-8610

e82d47b... by Marc Deslauriers on 2017-01-26

Import patches-unapplied version 2.12.14-5ubuntu3.13 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 5051a9f2f4db6a42b7dbf254247c0dd3d49616dd

New changelog entries:
  * SECURITY UPDATE: out of memory error in stream reading functions
    - debian/patches/CVE-2017-5335.patch: add error checking to
      lib/opencdk/read-packet.c.
    - CVE-2017-5335
  * SECURITY UPDATE: stack overflow in cdk_pk_get_keyid
    - debian/patches/CVE-2017-5336.patch: check return code in
      lib/opencdk/pubkey.c.
    - CVE-2017-5336
  * SECURITY UPDATE: heap read overflow when reading streams
    - debian/patches/CVE-2017-5337.patch: add more precise checks to
      lib/opencdk/read-packet.c.
    - CVE-2017-5337

5051a9f... by Marc Deslauriers on 2016-02-05

Import patches-unapplied version 2.12.14-5ubuntu3.12 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: a426122347654bdd610686516adcee46e659d20a

New changelog entries:
  * debian/patches/compare_ca_name_and_key.patch: when comparing a CA
    certificate with the trusted list compare the name and key. This will
    allow the future removal of 1024-bit RSA keys from the ca-certificates
    package.

a426122... by Marc Deslauriers on 2016-01-07

Import patches-unapplied version 2.12.14-5ubuntu3.11 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: e5670c46c414638aa96fd484504400f119056bab

New changelog entries:
  * SECURITY UPDATE: incorrect RSA+MD5 support with TLS 1.2
    - debian/patches/CVE-2015-7575.patch: do not consider any values from
      the extension data to decide acceptable algorithms in
      lib/ext_signature.c.
    - CVE-2015-7575

e5670c4... by Bryan Quigley on 2015-11-25

Import patches-unapplied version 2.12.14-5ubuntu3.10 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: ba6c76d48f6c14ed1c987459ca412a3e84c1a30c

New changelog entries:
  * SECURITY UPDATE: Poodle TLS issue
    - debian/patches/fix_tls_poodle.patch: fixes off by one
      issue in padding check.
      Patch created by Hanno Boeck (https://hboeck.de/)
    (LP: #1510163)

ba6c76d... by Marc Deslauriers on 2015-03-20

Import patches-unapplied version 2.12.14-5ubuntu3.9 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: f25c2a640e0bd110b3ca45597c1bd7ecf0926839

New changelog entries:
  * SECURITY UPDATE: signature forgery issue
    - debian/patches/CVE-2015-0282.patch: make sure the signature
      algorithms match in lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
      lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/x509/common.h,
      lib/x509/crq.c, lib/x509/privkey.c, lib/x509/verify.c,
      lib/x509/x509.c, lib/x509/x509_int.h.
    - CVE-2015-0282
  * SECURITY UPDATE: certificate algorithm consistency issue
    - debian/patches/CVE-2015-0294.patch: make sure the two signature
      algorithms match on cert import in lib/x509/x509.c.
    - CVE-2015-0294

f25c2a6... by Marc Deslauriers on 2014-06-01

Import patches-unapplied version 2.12.14-5ubuntu3.8 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 6bf3f17407ff3f002dc8f08aa9eca99131c43b99

New changelog entries:
  * SECURITY UPDATE: memory corruption due to server hello parsing
    - debian/patches/CVE-2014-3466.patch: validate session_id_len in
      lib/gnutls_handshake.c.
    - CVE-2014-3466

6bf3f17... by Marc Deslauriers on 2014-03-03

Import patches-unapplied version 2.12.14-5ubuntu3.7 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 1b9b771eae9d053ba584cf585298edb2247bece8

New changelog entries:
  * SECURITY UPDATE: certificate validation bypass
    - debian/patches/CVE-2014-0092.patch: correct return codes in
      lib/x509/verify.c.
    - CVE-2014-0092

1b9b771... by Marc Deslauriers on 2014-02-24

Import patches-unapplied version 2.12.14-5ubuntu3.6 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: c64314cff4a4ee8f1e780c8863b4839076dbb7f2

New changelog entries:
  * SECURITY UPDATE: incorrect v1 intermediate cert handling
    - debian/patches/CVE-2014-1959.patch: don't consider a v1 intermediate
      cert to be a valid CA by default in lib/x509/verify.c.
    - CVE-2014-1959

c64314c... by Adam Stokes on 2013-08-05

Import patches-unapplied version 2.12.14-5ubuntu3.5 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: ebfaea9ee7244e3b8ee58191d615a9df0d5a333d

New changelog entries:
  * debian/patches/26_ignore_key_usage_violation.patch:
    Prints debug message on key usage violation rather than treating
    the violation as fatal. (LP: #1207123)