Change log for gnutls12 package in Ubuntu

1 to 11 of 11 results
Obsolete in dapper-updates
Obsolete in dapper-security
gnutls12 (1.2.9-2ubuntu1.8) dapper-security; urgency=low

  * SECURITY UPDATE: fix potential DoS in certificate verification
    - debian/patches/92_CVE-2006-7239.diff: update to verify hash
      algorithm is supported and not NULL
    - CVE-2006-7239
 -- Jamie Strandboge <email address hidden>   Wed, 02 Jun 2010 15:25:32 -0500
Superseded in dapper-updates
Superseded in dapper-security
gnutls12 (1.2.9-2ubuntu1.7) dapper-security; urgency=low

  * SECURITY UPDATE: fix improper handling of '\0' in Common Name (CN) and
    Subject Alternative Name (SAN) in X.509 certificates (LP: #413136)
    - debian/patches/91_CVE-2009-2730.diff: verify length of CN and SAN
      are what we expect and error out if either contains an embedded \0.
      This fix required fixing gnutls_x509_crt_check_hostname() to not
      "treat absence of CN in subject as a successful RFC 2818 hostname".
      This fix also required updating _gnutls_hostname_compare() in
      lib/x509/rfc2818_hostname.c to support wide wildcard hostname and IP
      address matching. This is a backward compatible change which only
      adds additional matching of hostnames.
    - CVE-2009-2730

 -- Jamie Strandboge <email address hidden>   Tue, 18 Aug 2009 14:21:17 -0500
Superseded in dapper-security
Superseded in dapper-updates
Deleted in dapper-proposed (Reason: moved to -updates)
gnutls12 (1.2.9-2ubuntu1.5) dapper-security; urgency=low

  * Fix for certificate chain regressions introduced by fixes for
    CVE-2008-4989
  * debian/patches/20_CVE-2008-4989.diff: updated to upstream's final
    2.4.2 - 2.4.3 patchset for lib/x509/verify.c to fix CVE-2008-4989 and
    address all known regressions. To summarize from upstream:
    - Fix X.509 certificate chain validation error (CVE-2008-4989)
    - Fix chain verification for chains that end with RSA-MD2 CAs (LP: #305264)
    - Deprecate X.509 validation chains using MD5 and MD2 signatures
    - Accept chains where intermediary certs are trusted (LP: #305264)

 -- Jamie Strandboge <email address hidden>   Fri, 20 Feb 2009 13:47:47 -0600
Superseded in dapper-updates
Superseded in dapper-security
gnutls12 (1.2.9-2ubuntu1.4) dapper-security; urgency=low

  * Fix for regression where some valid certificate chains would be untrusted
    - Update debian/patches/91_CVE-2008-4989.diff to check if last certificate
      is self-signed and prevent verifying self-signed certificates against
      themselves. Patch from upstream.
    - http://lists.gnu.org/archive/html/gnutls-devel/2008-12/msg00008.html
    - LP: #305264

 -- Jamie Strandboge <email address hidden>   Fri, 05 Dec 2008 14:53:25 -0600

Superseded in dapper-updates
Superseded in dapper-security
gnutls12 (1.2.9-2ubuntu1.3) dapper-security; urgency=low

  * SECURITY UPDATE: Fix for man-in-the-middle attack in certificate
    validation
    - debian/patches/91_CVE-2008-4989.diff: don't remove the last certificate
      if it is self-signed in lib/x509/verify.c
    - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215
    - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3248
    - CVE-2008-4989

 -- Jamie Strandboge <email address hidden>   Tue, 25 Nov 2008 03:59:08 -0600
Superseded in dapper-updates
Superseded in dapper-security
gnutls12 (1.2.9-2ubuntu1.2) dapper-security; urgency=low

  * SECURITY UPDATE: multiple remote denial of service.
  * debian/patches/90_GNUTLS-SA-2008-1.diff: upstream fixes, thanks to Debian.
  * References
    GNUTLS-SA-2008-1
    CVE-2008-1948, CVE-2008-1949, CVE-2008-1950

 -- Kees Cook <email address hidden>   Tue, 20 May 2008 18:20:22 -0700
Superseded in dapper-updates
Superseded in dapper-security
gnutls12 (1.2.9-2ubuntu1.1) dapper-security; urgency=low

  * SECURITY UPDATE: Signature forgery.
  * Add debian/patches/00CVS_CVE-2006-4790.patch:
    - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent
      applications from incorrectly verifying the certificate. (Similar to
      recent OpenSSL update.)
    - Patch taken from upstream CVS:
      http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html
    - CVE-2006-4790

 -- Martin Pitt <email address hidden>   Mon, 18 Sep 2006 12:34:57 +0000
Deleted in feisty-release (Reason: (From Debian) RoM; abandoned upstream; superseded by gnut...)
Obsolete in edgy-release
gnutls12 (1.2.11-2ubuntu1) edgy; urgency=low

  * SECURITY UPDATE: Signature forgery.
  * Add debian/patches/00CVS_CVE-2006-4790.patch:
    - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent
      applications from incorrectly verifying the certificate. (Similar to
      recent OpenSSL update.)
    - Patch taken from upstream CVS:
      http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html
    - CVE-2006-4790

 -- Martin Pitt <email address hidden>   Mon, 18 Sep 2006 14:40:03 +0200
Superseded in edgy-release
Superseded in edgy-release
gnutls12 (1.2.11-2) unstable; urgency=low

  [Andreas Metzler]
  * Set maintainer to alioth mailinglist.
  * Drop ancient libgnutls-doc code from debian/rules.
  * Link dynamically against libtasn1-3.

Superseded in edgy-release
Obsolete in dapper-release
gnutls12 (1.2.9-2ubuntu1) dapper; urgency=low

  * debian/rules: Activate simple-patchsys.mk.
  * debian/control: Bump libtasn1-2-dev build dependency to >=
    0.2.17-1ubuntu1.
  * Add debian/patches/01_tasn_api_length.patch:
     - lib/x509/xml.c: Fix calls to libtasn1-2's internal _asn1_* API calls for
       new libtasn1-2 version; these calls now expect a buffer length argument to
       check for buffer overflows.
     - lib/minitasn1/: Changed internal _asn1_ function prototypes in header
       files according to recent change in libtasn1-2.

 -- Martin Pitt <email address hidden>   Wed, 15 Feb 2006 16:16:41 +0100
Superseded in dapper-release
Superseded in dapper-release
gnutls12 (1.2.9-2) unstable; urgency=low


  * Install /usr/lib/pkgconfig/*.pc files.
  * Depend on texinfo (>= 4.8, for the @euro{} sign).

 -- Matthias Urlichs <email address hidden>  Tue, 15 Nov 2005 19:26:02 +0100