Change log for gnutls12 package in Ubuntu
gnutls12 (1.2.9-2ubuntu1.8) dapper-security; urgency=low

  * SECURITY UPDATE: fix potential DoS in certificate verification
    - debian/patches/92_CVE-2006-7239.diff: update to verify hash algorithm is supported and not NULL
    - CVE-2006-7239

 -- Jamie Strandboge <email address hidden> Wed, 02 Jun 2010 15:25:32 -0500
Available diffs
- diff from 1.2.9-2ubuntu1.7 to 1.2.9-2ubuntu1.8 (794 bytes)
gnutls12 (1.2.9-2ubuntu1.7) dapper-security; urgency=low

  * SECURITY UPDATE: fix improper handling of '\0' in Common Name (CN) and Subject Alternative Name (SAN) in X.509 certificates (LP: #413136)
    - debian/patches/91_CVE-2009-2730.diff: verify length of CN and SAN are what we expect and error out if either contains an embedded \0. This fix required fixing gnutls_x509_crt_check_hostname() to not "treat absence of CN in subject as a successful RFC 2818 hostname". This fix also required updating _gnutls_hostname_compare() in lib/x509/rfc2818_hostname.c to support wide wildcard hostname and IP address matching. This is a backward compatible change which only adds additional matching of hostnames.
    - CVE-2009-2730

 -- Jamie Strandboge <email address hidden> Tue, 18 Aug 2009 14:21:17 -0500
Superseded in dapper-security
Superseded in dapper-updates
Deleted in dapper-proposed (Reason: moved to -updates)
gnutls12 (1.2.9-2ubuntu1.5) dapper-security; urgency=low

  * Fix for certificate chain regressions introduced by fixes for CVE-2008-4989
  * debian/patches/20_CVE-2008-4989.diff: updated to upstream's final 2.4.2 - 2.4.3 patchset for lib/x509/verify.c to fix CVE-2008-4989 and address all known regressions. To summarize from upstream:
    - Fix X.509 certificate chain validation error (CVE-2008-4989)
    - Fix chain verification for chains that end with RSA-MD2 CAs (LP: #305264)
    - Deprecate X.509 validation chains using MD5 and MD2 signatures
    - Accept chains where intermediary certs are trusted (LP: #305264)

 -- Jamie Strandboge <email address hidden> Fri, 20 Feb 2009 13:47:47 -0600
gnutls12 (1.2.9-2ubuntu1.4) dapper-security; urgency=low

  * Fix for regression where some valid certificate chains would be untrusted
    - Update debian/patches/91_CVE-2008-4989.diff to check if last certificate is self-signed and prevent verifying self-signed certificates against themselves. Patch from upstream.
    - http://lists.gnu.org/archive/html/gnutls-devel/2008-12/msg00008.html
    - LP: #305264

 -- Jamie Strandboge <email address hidden> Fri, 05 Dec 2008 14:53:25 -0600
Available diffs
- diff from 1.2.9-2ubuntu1.3 to 1.2.9-2ubuntu1.4 (1005 bytes)
gnutls12 (1.2.9-2ubuntu1.3) dapper-security; urgency=low

  * SECURITY UPDATE: Fix for man-in-the-middle attack in certificate validation
    - debian/patches/91_CVE-2008-4989.diff: don't remove the last certificate if it is self-signed in lib/x509/verify.c
    - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215
    - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3248
    - CVE-2008-4989

 -- Jamie Strandboge <email address hidden> Tue, 25 Nov 2008 03:59:08 -0600
gnutls12 (1.2.9-2ubuntu1.2) dapper-security; urgency=low

  * SECURITY UPDATE: multiple remote denial of service.
  * debian/patches/90_GNUTLS-SA-2008-1.diff: upstream fixes, thanks to Debian.
  * References GNUTLS-SA-2008-1 CVE-2008-1948, CVE-2008-1949, CVE-2008-1950

 -- Kees Cook <email address hidden> Tue, 20 May 2008 18:20:22 -0700
gnutls12 (1.2.9-2ubuntu1.1) dapper-security; urgency=low

  * SECURITY UPDATE: Signature forgery.
  * Add debian/patches/00CVS_CVE-2006-4790.patch:
    - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent applications from incorrectly verifying the certificate. (Similar to recent OpenSSL update.)
    - Patch taken from upstream CVS: http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html
    - CVE-2006-4790

 -- Martin Pitt <email address hidden> Mon, 18 Sep 2006 12:34:57 +0000
Deleted in feisty-release (Reason: (From Debian) RoM; abandoned upstream; superseded by gnut...)
Obsolete in edgy-release
gnutls12 (1.2.11-2ubuntu1) edgy; urgency=low

  * SECURITY UPDATE: Signature forgery.
  * Add debian/patches/00CVS_CVE-2006-4790.patch:
    - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent applications from incorrectly verifying the certificate. (Similar to recent OpenSSL update.)
    - Patch taken from upstream CVS: http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html
    - CVE-2006-4790

 -- Martin Pitt <email address hidden> Mon, 18 Sep 2006 14:40:03 +0200
gnutls12 (1.2.11-2) unstable; urgency=low

  [Andreas Metzler]
  * Set maintainer to alioth mailinglist.
  * Drop ancient libgnutls-doc code from debian/rules.
  * Link dynamically against libtasn1-3.
gnutls12 (1.2.9-2ubuntu1) dapper; urgency=low

  * debian/rules: Activate simple-patchsys.mk.
  * debian/control: Bump libtasn1-2-dev build dependency to >= 0.2.17-1ubuntu1.
  * Add debian/patches/01_tasn_api_length.patch:
    - lib/x509/xml.c: Fix calls to libtasn1-2's internal _asn1_* API calls for new libtasn1-2 version; these calls now expect a buffer length argument to check for buffer overflows.
    - lib/minitasn1/: Changed internal _asn1_ function prototypes in header files according to recent change in libtasn1-2.

 -- Martin Pitt <email address hidden> Wed, 15 Feb 2006 16:16:41 +0100
gnutls12 (1.2.9-2) unstable; urgency=low

  * Install /usr/lib/pkgconfig/*.pc files.
  * Depend on texinfo (>= 4.8, for the @euro{} sign).

 -- Matthias Urlichs <email address hidden> Tue, 15 Nov 2005 19:26:02 +0100