Change log for “gnutls13” package in Ubuntu

1 → 27 of 27 results
Published in hardy-updates on 2013-02-27
Published in hardy-security on 2013-02-27
gnutls13 (2.0.4-1ubuntu2.9) hardy-security; urgency=low

  * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
    - debian/patches/91_CVE-2013-1619.diff: avoid timing attacks in
      lib/gnutls_cipher.c, lib/gnutls_hash_int.h.
    - CVE-2013-1619
 -- Marc Deslauriers <email address hidden>   Mon, 25 Feb 2013 13:50:40 -0500
Superseded in hardy-updates on 2013-02-27
Deleted in hardy-proposed on 2013-03-01 (Reason: moved to -updates)
gnutls13 (2.0.4-1ubuntu2.8) hardy-proposed; urgency=low

  * Apply upstream patch to fix validation of certificates when more than
    one with the same short hash exists in the CA bundle (LP: #1003841).
 -- Thorsten Glaser <email address hidden>   Thu, 31 May 2012 13:48:18 +0200
Superseded in hardy-updates on 2012-07-20
Superseded in hardy-security on 2013-02-27
gnutls13 (2.0.4-1ubuntu2.7) hardy-security; urgency=low

  * SECURITY UPDATE: Denial of service in client application
    - debian/patches/CVE-2011-4128.patch: Fix buffer bounds check when copying
      session data. Based on upstream patch.
    - CVE-2011-4128
  * SECURITY UPDATE: Denial of service via crafted TLS record
    - debian/patches/CVE-2012-1573.patch: Validate the size of a
      GenericBlockCipher structure as it is processed. Based on upstream
      patch.
    - CVE-2012-1573
 -- Tyler Hicks <email address hidden>   Wed, 04 Apr 2012 11:13:02 -0500
Superseded in hardy-updates on 2012-04-05
Superseded in hardy-security on 2012-04-05
gnutls13 (2.0.4-1ubuntu2.6) hardy-security; urgency=low

  * SECURITY UPDATE: fix improper handling of '\0' in Common Name (CN) and
    Subject Alternative Name (SAN) in X.509 certificates (LP: #413136)
    - debian/patches/91_CVE-2009-2730.diff: verify length of CN and SAN
      are what we expect and error out if either contains an embedded \0.
      This fix required updating _gnutls_hostname_compare() in
      lib/x509/rfc2818_hostname.c to support wide wildcard hostname matching.
      This is a backward compatible change which only adds additional
      matching of hostnames.
    - CVE-2009-2730

 -- Jamie Strandboge <email address hidden>   Fri, 14 Aug 2009 14:57:08 -0500
Superseded in hardy-updates on 2009-08-20
Deleted in hardy-proposed on 2009-09-24 (Reason: moved to -updates)
gnutls13 (2.0.4-1ubuntu2.5) hardy-security; urgency=low

  * Fix for certificate chain regressions introduced by fixes for
    CVE-2008-4989
  * debian/patches/91_CVE-2008-4989.diff: updated to upstream's final
    2.4.2 - 2.4.3 patchset for lib/x509/verify.c to fix CVE-2008-4989 and
    address all known regressions. To summarize from upstream:
    - Fix X.509 certificate chain validation error (CVE-2008-4989)
    - Fix chain verification for chains that end with RSA-MD2 CAs (LP: #305264)
    - Deprecate X.509 validation chains using MD5 and MD2 signatures
    - Accept chains where intermediary certs are trusted (LP: #305264)

 -- Jamie Strandboge <email address hidden>   Fri, 20 Feb 2009 13:02:36 -0600
Obsolete in gutsy-proposed on 2011-09-16
gnutls13 (1.6.3-1ubuntu0.4) gutsy-security; urgency=low

  * Fix for certificate chain regressions introduced by fixes for
    CVE-2008-4989
  * debian/patches/91_CVE-2008-4989.diff: updated to upstream's final
    2.4.2 - 2.4.3 patchset for lib/x509/verify.c to fix CVE-2008-4989 and
    address all known regressions. To summarize from upstream:
    - Fix X.509 certificate chain validation error (CVE-2008-4989)
    - Fix chain verification for chains that end with RSA-MD2 CAs (LP: #305264)
    - Deprecate X.509 validation chains using MD5 and MD2 signatures
    - Accept chains where intermediary certs are trusted (LP: #305264)

 -- Jamie Strandboge <email address hidden>   Fri, 20 Feb 2009 13:05:18 -0600
Superseded in hardy-proposed on 2009-02-21
gnutls13 (2.0.4-1ubuntu2.4) hardy-proposed; urgency=low

  * Bump up maximum handshake packet size.  Some clients need this,
    especially when talking to some Intrepid services (LP: #292604).

 -- Kees Cook <email address hidden>   Tue, 13 Jan 2009 18:10:08 -0800
Superseded in hardy-updates on 2009-07-08
Superseded in hardy-security on 2009-08-19
gnutls13 (2.0.4-1ubuntu2.3) hardy-security; urgency=low

  * Fix for regression where some valid certificate chains would be untrusted
    - Update debian/patches/91_CVE-2008-4989.diff to check if last certificate
      is self-signed and prevent verifying self-signed certificates against
      themselves. Patch from upstream.
    - http://lists.gnu.org/archive/html/gnutls-devel/2008-12/msg00008.html
    - LP: #305264

 -- Jamie Strandboge <email address hidden>   Fri, 05 Dec 2008 14:47:31 -0600

Obsolete in gutsy-updates on 2011-09-16
Obsolete in gutsy-security on 2011-09-16
gnutls13 (1.6.3-1ubuntu0.3) gutsy-security; urgency=low

  * Fix for regression where some valid certificate chains would be untrusted
    - Update debian/patches/91_CVE-2008-4989.diff to check if last certificate
      is self-signed and prevent verifying self-signed certificates against
      themselves. Patch from upstream.
    - http://lists.gnu.org/archive/html/gnutls-devel/2008-12/msg00008.html
    - LP: #305264

 -- Jamie Strandboge <email address hidden>   Fri, 05 Dec 2008 14:49:34 -0600

Superseded in hardy-updates on 2008-12-10
Superseded in hardy-security on 2008-12-09
gnutls13 (2.0.4-1ubuntu2.2) hardy-security; urgency=low

  * SECURITY UPDATE: Fix for man-in-the-middle attack in certificate
    validation
    - debian/patches/91_CVE-2008-4989.diff: don't remove the last certificate
      if it is self-signed in lib/x509/verify.c
    - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215
    - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3248
    - CVE-2008-4989

 -- Jamie Strandboge <email address hidden>   Tue, 25 Nov 2008 03:52:47 -0600
Superseded in gutsy-updates on 2008-12-10
Superseded in gutsy-security on 2008-12-09
gnutls13 (1.6.3-1ubuntu0.2) gutsy-security; urgency=low

  * SECURITY UPDATE: Fix for man-in-the-middle attack in certificate
    validation
    - debian/patches/91_CVE-2008-4989.diff: don't remove the last certificate
      if it is self-signed in lib/x509/verify.c
    - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215
    - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3248
    - CVE-2008-4989

 -- Jamie Strandboge <email address hidden>   Tue, 25 Nov 2008 03:55:25 -0600
Deleted in intrepid-release on 2008-10-17 (Reason: (From Debian) ROM; obsolete library version )
Superseded in intrepid-release on 2008-10-13
gnutls13 (2.0.4-1ubuntu3) intrepid; urgency=low

  * No change upload of -security version to intrepid to make it
    installable

 -- Jonathan Riddell <email address hidden>   Thu, 03 Jul 2008 13:10:01 +0100

Superseded in hardy-updates on 2008-11-26
Superseded in hardy-security on 2008-11-26
gnutls13 (2.0.4-1ubuntu2.1) hardy-security; urgency=low

  * SECURITY UPDATE: multiple remote denial of service.
  * debian/patches/90_GNUTLS-SA-2008-1.diff: upstream fixes, thanks to Debian.
  * References
    GNUTLS-SA-2008-1
    CVE-2008-1948, CVE-2008-1949, CVE-2008-1950

 -- Kees Cook <email address hidden>   Tue, 20 May 2008 18:20:22 -0700
Superseded in gutsy-updates on 2008-11-26
Superseded in gutsy-security on 2008-11-26
gnutls13 (1.6.3-1ubuntu0.1) gutsy-security; urgency=high

  * SECURITY UPDATE: multiple remote denial of service.
  * debian/patches/90_GNUTLS-SA-2008-1.diff: upstream fixes, thanks to Debian.
  * References
    GNUTLS-SA-2008-1
    CVE-2008-1948, CVE-2008-1949, CVE-2008-1950

 -- Kees Cook <email address hidden>   Tue, 20 May 2008 18:20:22 -0700
Obsolete in feisty-updates on 2009-08-20
Obsolete in feisty-security on 2009-08-20
gnutls13 (1.4.4-3ubuntu0.1) feisty-security; urgency=high

  * SECURITY UPDATE: multiple remote denial of service.
  * debian/patches/90_GNUTLS-SA-2008-1.diff: upstream fixes, thanks to Debian.
  * References
    GNUTLS-SA-2008-1
    CVE-2008-1948, CVE-2008-1949, CVE-2008-1950

 -- Kees Cook <email address hidden>   Tue, 20 May 2008 18:20:22 -0700
Superseded in intrepid-release on 2008-07-03
Published in hardy-release on 2008-02-29
gnutls13 (2.0.4-1ubuntu2) hardy; urgency=low

  * Pulled from upstream, by way of Debian:
    + debian/patches/20_nulltermfix_465197.diff
      Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
      et al. to not null terminate binary strings and return the proper
      size.
    + debian/patches/21_nulltermfix_465197_part2.diff
      corrected string handling in parse_general_name.

 -- Steve Langasek <email address hidden>   Fri, 22 Feb 2008 07:39:07 +0000
Superseded in hardy-release on 2008-02-29
gnutls13 (2.0.4-1ubuntu1) hardy; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/rules: Use clean-la.mk.

Superseded in hardy-release on 2007-12-03
gnutls13 (2.0.1-1ubuntu1) hardy; urgency=low

  * Use clean-la.mk to remove the dependencies from the .la files.

 -- Martin Pitt <email address hidden>   Tue, 06 Nov 2007 16:36:37 -0500
Superseded in hardy-release on 2007-11-07
gnutls13 (2.0.1-1) unstable; urgency=low

  * New upstream version.
  * Remove doc/*.info* on clean to allow building thrice in a row.
    (Closes: #441740)

Superseded in hardy-release on 2007-10-23
Obsolete in gutsy-release on 2011-09-16
gnutls13 (1.6.3-1build1) gutsy; urgency=low

  * Trigger rebuild for hppa.

 -- LaMont Jones <email address hidden>   Tue, 02 Oct 2007 06:32:42 -0600
Superseded in gutsy-release on 2007-10-02
gnutls13 (1.6.3-1) unstable; urgency=low

  * New upstream version, pulling selected fixes and features from 1.7.x.
  * Bump shlibs.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  30 May 2007 07:29:32 +0100
Superseded in gutsy-release on 2007-05-30
gnutls13 (1.6.2-2) unstable; urgency=low

  * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)

 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  15 May 2007 13:55:31 +0100
Superseded in gutsy-release on 2007-05-15
gnutls13 (1.6.2-1) unstable; urgency=low

  * New upstream version
    - Really Closes: #403887 libgnutls fails to parse OpenSSL generated
      certificates, since it contains a regenerated pkix_asn1_tab.c.
    - Ship German translation. Closes: #392857

Superseded in gutsy-release on 2007-04-27
Obsolete in feisty-release on 2009-08-20
gnutls13 (1.4.4-3build1) feisty; urgency=low

  * Rebuild for changes in the amd64 toolchain.

 -- Matthias Klose <email address hidden>   Mon,  5 Mar 2007 01:17:19 +0000
Superseded in feisty-release on 2007-03-05
gnutls13 (1.4.4-3) unstable; urgency=low

  * Pulled /patches/18_negotiate_cypher.diff from 1.4.5:
       When a GnuTLS server receives an SSLv2 Client Hello for an unknown TLS
       version, try to negotiate the highest version supported by the GnuTLS
       server, instead of the lowest.

Superseded in feisty-release on 2006-11-15
Obsolete in edgy-release on 2008-06-19
gnutls13 (1.4.0-3ubuntu1) edgy; urgency=low

  * SECURITY UPDATE: Signature forgery.
  * Add debian/patches/00CVS_CVE-2006-4790.patch:
    - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent
      applications from incorrectly verifying the certificate. (Similar to
      recent OpenSSL update.)
    - Patch taken from upstream CVS:
      http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html
    - CVE-2006-4790

 -- Martin Pitt <email address hidden>   Mon, 18 Sep 2006 14:22:47 +0200
Superseded in edgy-release on 2006-09-18
gnutls13 (1.4.0-3) unstable; urgency=low

  [ Andreas Metzler ]
  * Strip "libgnutls-config --libs" output to only list stuff required for
    dynamic linking. (Closes: #375815). Document this in libgnutls-dev's
    README.Debian.
  * Pull patches/16_libs.private_gnutls.diff and
    debian/patches/16_libs.private_gnutls-extra.diff from upstream to make
    pkg-config usable for static linking.
