Change log for gnutls26 package in Ubuntu
1 → 75 of 96 results | First • Previous • Next • Last |
Published in trusty-proposed |
gnutls26 (2.12.23-12ubuntu2.10) trusty; urgency=medium * Backport an upstream commit for better TLS 1.2 compatibility during handshakes (LP: #1444656): - debian/patches/fix-tls12-handshake.diff: This fixes a handshake failure on TLS 1.2 connections when one or more certificates in the chain use the SHA384 or SHA512 signature algorithm. -- <email address hidden> (Samuel D. Leslie) Sun, 03 Sep 2017 12:06:52 +1000
Available diffs
Deleted in trusty-proposed (Reason: SRU abandoned (verification-failed)) |
gnutls26 (2.12.23-12ubuntu2.9) trusty; urgency=medium * use_normal_priority_for_openssl_sslv23.diff by Andreas Metzler: OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority, which includes TLS1.2 support. (LP: #1709193) -- Simon Deziel <email address hidden> Thu, 10 Aug 2017 15:40:49 +0000
Available diffs
gnutls26 (2.12.23-12ubuntu2.8) trusty-security; urgency=medium * SECURITY UPDATE: DoS and possible code execution via OpenPGP certificate decoding - debian/patches/CVE-2017-7869.patch: enforce packet limits in lib/opencdk/read-packet.c. - CVE-2017-7869 -- Marc Deslauriers <email address hidden> Mon, 12 Jun 2017 09:35:01 -0400
Available diffs
gnutls26 (2.12.23-12ubuntu2.7) trusty-security; urgency=medium * SECURITY UPDATE: denial of service via warning alerts - debian/patches/CVE-2016-8610.patch: set a maximum number of warning messages in lib/gnutls_int.h, lib/gnutls_handshake.c, lib/gnutls_state.c. - CVE-2016-8610 -- Marc Deslauriers <email address hidden> Wed, 15 Mar 2017 15:20:21 -0400
Available diffs
gnutls26 (2.12.14-5ubuntu3.14) precise-security; urgency=medium * SECURITY UPDATE: denial of service via warning alerts - debian/patches/CVE-2016-8610.patch: set a maximum number of warning messages in lib/gnutls_int.h, lib/gnutls_handshake.c, lib/gnutls_state.c. - CVE-2016-8610 -- Marc Deslauriers <email address hidden> Wed, 15 Mar 2017 18:59:53 -0400
Available diffs
gnutls26 (2.12.14-5ubuntu3.13) precise-security; urgency=medium * SECURITY UPDATE: out of memory error in stream reading functions - debian/patches/CVE-2017-5335.patch: add error checking to lib/opencdk/read-packet.c. - CVE-2017-5335 * SECURITY UPDATE: stack overflow in cdk_pk_get_keyid - debian/patches/CVE-2017-5336.patch: check return code in lib/opencdk/pubkey.c. - CVE-2017-5336 * SECURITY UPDATE: heap read overflow when reading streams - debian/patches/CVE-2017-5337.patch: add more precise checks to lib/opencdk/read-packet.c. - CVE-2017-5337 -- Marc Deslauriers <email address hidden> Thu, 26 Jan 2017 13:45:02 -0500
Available diffs
gnutls26 (2.12.23-12ubuntu2.6) trusty-security; urgency=medium * SECURITY UPDATE: out of memory error in stream reading functions - debian/patches/CVE-2017-5335.patch: add error checking to lib/opencdk/read-packet.c. - CVE-2017-5335 * SECURITY UPDATE: stack overflow in cdk_pk_get_keyid - debian/patches/CVE-2017-5336.patch: check return code in lib/opencdk/pubkey.c. - CVE-2017-5336 * SECURITY UPDATE: heap read overflow when reading streams - debian/patches/CVE-2017-5337.patch: add more precise checks to lib/opencdk/read-packet.c. - CVE-2017-5337 -- Marc Deslauriers <email address hidden> Thu, 26 Jan 2017 13:42:43 -0500
Available diffs
gnutls26 (2.12.14-5ubuntu3.12) precise-security; urgency=medium * debian/patches/compare_ca_name_and_key.patch: when comparing a CA certificate with the trusted list compare the name and key. This will allow the future removal of 1024-bit RSA keys from the ca-certificates package. -- Marc Deslauriers <email address hidden> Fri, 05 Feb 2016 13:51:23 -0500
Available diffs
gnutls26 (2.12.23-12ubuntu2.5) trusty-security; urgency=medium * debian/patches/compare_ca_name_and_key.patch: when comparing a CA certificate with the trusted list compare the name and key. This will allow the future removal of 1024-bit RSA keys from the ca-certificates package. -- Marc Deslauriers <email address hidden> Fri, 05 Feb 2016 08:49:43 -0500
Available diffs
gnutls26 (2.12.23-12ubuntu2.4) trusty-security; urgency=medium * SECURITY UPDATE: incorrect RSA+MD5 support with TLS 1.2 - debian/patches/CVE-2015-7575.patch: do not consider any values from the extension data to decide acceptable algorithms in lib/ext_signature.c. - CVE-2015-7575 -- Marc Deslauriers <email address hidden> Thu, 07 Jan 2016 10:38:24 -0500
Available diffs
gnutls26 (2.12.14-5ubuntu3.11) precise-security; urgency=medium * SECURITY UPDATE: incorrect RSA+MD5 support with TLS 1.2 - debian/patches/CVE-2015-7575.patch: do not consider any values from the extension data to decide acceptable algorithms in lib/ext_signature.c. - CVE-2015-7575 -- Marc Deslauriers <email address hidden> Thu, 07 Jan 2016 10:41:27 -0500
Available diffs
gnutls26 (2.12.14-5ubuntu3.10) precise-security; urgency=low * SECURITY UPDATE: Poodle TLS issue - debian/patches/fix_tls_poodle.patch: fixes off by one issue in padding check. Patch created by Hanno Boeck (https://hboeck.de/) (LP: #1510163) -- Bryan Quigley <email address hidden> Wed, 25 Nov 2015 21:37:58 +0000
Available diffs
gnutls26 (2.12.23-12ubuntu2.3) trusty-security; urgency=medium * SECURITY UPDATE: Poodle TLS issue - debian/patches/fix_tls_poodle.patch: fixes off by one issue in padding check. Patch created by Hanno Boeck (https://hboeck.de/) (LP: #1510163) -- Bryan Quigley <email address hidden> Wed, 25 Nov 2015 21:37:33 +0000
Available diffs
Deleted in vivid-proposed (Reason: Superseded by gnutls28) |
gnutls26 (2.12.23-18ubuntu1) vivid; urgency=medium * Merge with Debian; remaining changes: - Link test-lock and test-thread_create with -Wl,--no-as-needed; see https://lists.gnu.org/archive/html/bug-gnulib/2013-10/msg00017.html. - debian/rules: Set CC on cross-builds, so autoconf doesn't lose its mind. * Dropped changes: - restore sipsak Breaks, ours is now new enough to deal with this. - drop CVE-2014-3466 security upload, included in debian. - debian/patches/99_update-libtool.patch: Debian uses autoreconf.
Available diffs
gnutls26 (2.8.5-2ubuntu0.7) lucid-security; urgency=medium * SECURITY UPDATE: signature forgery issue - debian/patches/CVE-2015-0282.patch: make sure the signature algorithms match in lib/gnutls_algorithms.c, lib/gnutls_algorithms.h, lib/x509/privkey.c, lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h. - CVE-2015-0282 * SECURITY UPDATE: certificate algorithm consistency issue - debian/patches/CVE-2015-0294.patch: make sure the two signature algorithms match on cert import in lib/x509/x509.c. - CVE-2015-0294 * SECURITY UPDATE: missing date/time checks on CA certificates - debian/patches/CVE-2014-8155.patch: perform time verification on trusted certificate list in lib/includes/gnutls/x509.h, lib/x509/verify.c. - CVE-2014-8155 -- Marc Deslauriers <email address hidden> Fri, 20 Mar 2015 09:56:50 -0400
Available diffs
gnutls26 (2.12.14-5ubuntu3.9) precise-security; urgency=medium * SECURITY UPDATE: signature forgery issue - debian/patches/CVE-2015-0282.patch: make sure the signature algorithms match in lib/gnutls_algorithms.c, lib/gnutls_algorithms.h, lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/x509/common.h, lib/x509/crq.c, lib/x509/privkey.c, lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h. - CVE-2015-0282 * SECURITY UPDATE: certificate algorithm consistency issue - debian/patches/CVE-2015-0294.patch: make sure the two signature algorithms match on cert import in lib/x509/x509.c. - CVE-2015-0294 -- Marc Deslauriers <email address hidden> Fri, 20 Mar 2015 09:26:34 -0400
Available diffs
gnutls26 (2.12.23-12ubuntu2.2) trusty-security; urgency=medium * SECURITY UPDATE: signature forgery issue - debian/patches/CVE-2015-0282.patch: make sure the signature algorithms match in lib/gnutls_algorithms.c, lib/gnutls_algorithms.h, lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/x509/common.h, lib/x509/crq.c, lib/x509/privkey.c, lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h. - CVE-2015-0282 * SECURITY UPDATE: certificate algorithm consistency issue - debian/patches/CVE-2015-0294.patch: make sure the two signature algorithms match on cert import in lib/x509/x509.c. - CVE-2015-0294 -- Marc Deslauriers <email address hidden> Fri, 20 Mar 2015 09:08:01 -0400
Deleted in vivid-release (Reason: Superseded by gnutls28) |
Obsolete in utopic-release |
Superseded in utopic-release |
Deleted in utopic-proposed (Reason: moved to release) |
gnutls26 (2.12.23-15ubuntu2) utopic; urgency=medium * SECURITY UPDATE: memory corruption due to server hello parsing - debian/patches/CVE-2014-3466.patch: validate session_id_len in lib/gnutls_handshake.c. - CVE-2014-3466 -- Marc Deslauriers <email address hidden> Sun, 01 Jun 2014 11:02:11 -0400
Available diffs
- diff from 2.12.23-15ubuntu1 to 2.12.23-15ubuntu2 (1002 bytes)
gnutls26 (2.12.23-1ubuntu4.3) saucy-security; urgency=medium * SECURITY UPDATE: memory corruption due to server hello parsing - debian/patches/CVE-2014-3466.patch: validate session_id_len in lib/gnutls_handshake.c. - CVE-2014-3466 -- Marc Deslauriers <email address hidden> Sun, 01 Jun 2014 11:04:16 -0400
Available diffs
gnutls26 (2.12.23-12ubuntu2.1) trusty-security; urgency=medium * SECURITY UPDATE: memory corruption due to server hello parsing - debian/patches/CVE-2014-3466.patch: validate session_id_len in lib/gnutls_handshake.c. - CVE-2014-3466 -- Marc Deslauriers <email address hidden> Sun, 01 Jun 2014 11:03:46 -0400
Available diffs
gnutls26 (2.12.14-5ubuntu3.8) precise-security; urgency=medium * SECURITY UPDATE: memory corruption due to server hello parsing - debian/patches/CVE-2014-3466.patch: validate session_id_len in lib/gnutls_handshake.c. - CVE-2014-3466 -- Marc Deslauriers <email address hidden> Sun, 01 Jun 2014 11:04:42 -0400
Available diffs
gnutls26 (2.8.5-2ubuntu0.6) lucid-security; urgency=medium * SECURITY UPDATE: memory corruption due to server hello parsing - debian/patches/CVE-2014-3466.patch: validate session_id_len in lib/gnutls_handshake.c. - CVE-2014-3466 -- Marc Deslauriers <email address hidden> Sun, 01 Jun 2014 11:06:47 -0400
Available diffs
gnutls26 (2.12.23-15ubuntu1) utopic; urgency=medium * Merge with Debian; remaining changes: - Drop the sipsak Breaks on armhf back to (<= 0.9.6-2.1), which is sufficient for Ubuntu. The former versioning rendered sipsak uninstallable. - Link test-lock and test-thread_create with -Wl,--no-as-needed; see https://lists.gnu.org/archive/html/bug-gnulib/2013-10/msg00017.html. - debian/patches/99_update-libtool.patch: Update libtool.m4 - debian/rules: Set CC on cross-builds, so autoconf doesn't lose its mind. * Dropped changes: - gnutls-bin is now going to be build from gnutls28 package, as it is now GPLv2 compatible. - security upload, included in debian.
Available diffs
Superseded in utopic-release |
Published in trusty-release |
Deleted in trusty-proposed (Reason: moved to release) |
gnutls26 (2.12.23-12ubuntu2) trusty; urgency=medium * SECURITY UPDATE: certificate validation bypass - debian/patches/CVE-2014-0092.patch: correct return codes in lib/x509/verify.c. - CVE-2014-0092 -- Marc Deslauriers <email address hidden> Mon, 03 Mar 2014 14:10:30 -0500
Available diffs
gnutls26 (2.12.14-5ubuntu3.7) precise-security; urgency=medium * SECURITY UPDATE: certificate validation bypass - debian/patches/CVE-2014-0092.patch: correct return codes in lib/x509/verify.c. - CVE-2014-0092 -- Marc Deslauriers <email address hidden> Mon, 03 Mar 2014 14:16:13 -0500
Available diffs
gnutls26 (2.12.14-5ubuntu4.6) quantal-security; urgency=medium * SECURITY UPDATE: certificate validation bypass - debian/patches/CVE-2014-0092.patch: correct return codes in lib/x509/verify.c. - CVE-2014-0092 -- Marc Deslauriers <email address hidden> Mon, 03 Mar 2014 14:15:34 -0500
Available diffs
gnutls26 (2.12.23-1ubuntu4.2) saucy-security; urgency=medium * SECURITY UPDATE: certificate validation bypass - debian/patches/CVE-2014-0092.patch: correct return codes in lib/x509/verify.c. - CVE-2014-0092 -- Marc Deslauriers <email address hidden> Mon, 03 Mar 2014 14:14:00 -0500
Available diffs
gnutls26 (2.8.5-2ubuntu0.5) lucid-security; urgency=medium * SECURITY UPDATE: certificate validation bypass - debian/patches/CVE-2014-0092.patch: correct return codes in lib/x509/verify.c. - CVE-2014-0092 -- Marc Deslauriers <email address hidden> Mon, 03 Mar 2014 14:30:43 -0500
Available diffs
gnutls26 (2.12.23-12ubuntu1) trusty; urgency=medium * Merge with Debian; remaining changes: - Build gnutls-bin from this source package rather than from gnutls28: gnutls28's licensing is currently too strict for many of the free software packages built against it in Ubuntu main and we only want to support a single version. Bump its version to achieve this. - Drop the sipsak Breaks on armhf back to (<= 0.9.6-2.1), which is sufficient for Ubuntu. The former versioning rendered sipsak uninstallable. - Link test-lock and test-thread_create with -Wl,--no-as-needed; see https://lists.gnu.org/archive/html/bug-gnulib/2013-10/msg00017.html. - debian/patches/99_update-libtool.patch: Update libtool.m4 - debian/rules: Set CC on cross-builds, so autoconf doesn't lose its mind.
Available diffs
Superseded in trusty-proposed |
gnutls26 (2.12.23-1ubuntu6) trusty; urgency=medium * SECURITY UPDATE: incorrect v1 intermediate cert handling - debian/patches/CVE-2014-1959.patch: don't consider a v1 intermediate cert to be a valid CA by default in lib/x509/verify.c. - CVE-2014-1959 -- Marc Deslauriers <email address hidden> Mon, 24 Feb 2014 13:56:26 -0500
Available diffs
gnutls26 (2.12.14-5ubuntu3.6) precise-security; urgency=medium * SECURITY UPDATE: incorrect v1 intermediate cert handling - debian/patches/CVE-2014-1959.patch: don't consider a v1 intermediate cert to be a valid CA by default in lib/x509/verify.c. - CVE-2014-1959 -- Marc Deslauriers <email address hidden> Mon, 24 Feb 2014 14:01:03 -0500
Available diffs
gnutls26 (2.12.14-5ubuntu4.5) quantal-security; urgency=medium * SECURITY UPDATE: incorrect v1 intermediate cert handling - debian/patches/CVE-2014-1959.patch: don't consider a v1 intermediate cert to be a valid CA by default in lib/x509/verify.c. - CVE-2014-1959 -- Marc Deslauriers <email address hidden> Mon, 24 Feb 2014 14:00:29 -0500
Available diffs
gnutls26 (2.12.23-1ubuntu4.1) saucy-security; urgency=medium * SECURITY UPDATE: incorrect v1 intermediate cert handling - debian/patches/CVE-2014-1959.patch: don't consider a v1 intermediate cert to be a valid CA by default in lib/x509/verify.c. - CVE-2014-1959 -- Marc Deslauriers <email address hidden> Mon, 24 Feb 2014 13:59:47 -0500
Available diffs
gnutls26 (2.12.23-1ubuntu5) trusty; urgency=low * 25_updatedgdocfrommaster.diff - Update gdoc script from gnutls master to fix spurious build failure with perl 5.18. Closes: #724167 * debian/patches/99_update-libtool.patch: Update libtool.m4 * debian/rules: Set CC on cross-builds, so autoconf doesn't lose its mind. -- Adam Conrad <email address hidden> Wed, 04 Dec 2013 23:23:10 -0700
Available diffs
Superseded in trusty-release |
Obsolete in saucy-release |
Deleted in saucy-proposed (Reason: moved to release) |
gnutls26 (2.12.23-1ubuntu4) saucy; urgency=low * Link test-lock and test-thread_create with -Wl,--no-as-needed; see https://lists.gnu.org/archive/html/bug-gnulib/2013-10/msg00017.html. Based on a similar change by Matthias Klose in libidn. -- Colin Watson <email address hidden> Mon, 07 Oct 2013 15:51:16 +0100
Available diffs
Superseded in saucy-proposed |
gnutls26 (2.12.23-1ubuntu3) saucy; urgency=low * Drop the sipsak Breaks on armhf back to (<= 0.9.6-2.1), which is sufficient for Ubuntu. The former versioning rendered sipsak uninstallable. -- Colin Watson <email address hidden> Sat, 05 Oct 2013 00:00:39 +0100
Available diffs
- diff from 2.12.23-1ubuntu2 to 2.12.23-1ubuntu3 (722 bytes)
gnutls26 (2.12.14-5ubuntu4.4) quantal-proposed; urgency=low * debian/patches/21_ignore_key_usage_violation.patch: Prints debug message on key usage violation rather than treating the violation as fatal. (LP: #1207123) -- Adam Stokes <email address hidden> Mon, 05 Aug 2013 11:15:19 -0400
Available diffs
gnutls26 (2.12.14-5ubuntu3.5) precise-proposed; urgency=low * debian/patches/26_ignore_key_usage_violation.patch: Prints debug message on key usage violation rather than treating the violation as fatal. (LP: #1207123) -- Adam Stokes <email address hidden> Mon, 05 Aug 2013 11:57:10 -0400
Available diffs
gnutls26 (2.12.23-1ubuntu2) saucy; urgency=low * SECURITY UPDATE: denial of service via incorrect pad - debian/patches/CVE-2013-2116.patch: added sanity check in lib/gnutls_cipher.c. - CVE-2013-2116 -- Marc Deslauriers <email address hidden> Mon, 27 May 2013 08:34:01 -0400
Available diffs
- diff from 2.12.23-1ubuntu1 to 2.12.23-1ubuntu2 (1014 bytes)
gnutls26 (2.12.14-5ubuntu4.3) quantal-security; urgency=low * SECURITY UPDATE: denial of service via incorrect pad - debian/patches/CVE-2013-2116.patch: added sanity check in lib/gnutls_cipher.c. - CVE-2013-2116 -- Marc Deslauriers <email address hidden> Mon, 27 May 2013 08:40:42 -0400
Available diffs
gnutls26 (2.12.23-1ubuntu1.1) raring-security; urgency=low * SECURITY UPDATE: denial of service via incorrect pad - debian/patches/CVE-2013-2116.patch: added sanity check in lib/gnutls_cipher.c. - CVE-2013-2116 -- Marc Deslauriers <email address hidden> Mon, 27 May 2013 08:39:49 -0400
Available diffs
gnutls26 (2.12.14-5ubuntu3.4) precise-security; urgency=low * SECURITY UPDATE: denial of service via incorrect pad - debian/patches/CVE-2013-2116.patch: added sanity check in lib/gnutls_cipher.c. - CVE-2013-2116 -- Marc Deslauriers <email address hidden> Mon, 27 May 2013 08:41:23 -0400
Available diffs
gnutls26 (2.8.5-2ubuntu0.4) lucid-security; urgency=low * SECURITY UPDATE: denial of service via incorrect pad - debian/patches/CVE-2013-2116.patch: added sanity check in lib/gnutls_cipher.c. - CVE-2013-2116 -- Marc Deslauriers <email address hidden> Mon, 27 May 2013 08:42:39 -0400
Available diffs
- diff from 2.8.5-2ubuntu0.3 to 2.8.5-2ubuntu0.4 (973 bytes)
gnutls26 (2.12.14-5ubuntu3.3) precise-proposed; urgency=low * debian/patches/lp1095052.patch: - Added new patch, derived from an upstream revision, which provides a fix for an issue where client certificate authentication will fail. (LP: #1095052) -- Timo Aaltonen <email address hidden> Mon, 22 Apr 2013 20:39:44 +0300
Available diffs
Superseded in saucy-release |
Obsolete in raring-release |
Deleted in raring-proposed (Reason: moved to release) |
gnutls26 (2.12.23-1ubuntu1) raring; urgency=low * Merge from debian-experimental, remaining changes: - Build gnutls-bin from this source package rather than from gnutls28: gnutls28's licensing is currently too strict for many of the free software packages built against it in Ubuntu main and we only want to support a single version. Bump its version to achieve this. * Drop gnulib-gets.diff: upstream.
Available diffs
- diff from 2.12.20-2ubuntu1 to 2.12.23-1ubuntu1 (264.6 KiB)
gnutls26 (2.8.5-2ubuntu0.3) lucid-security; urgency=low * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack - debian/patches/CVE-2013-1619.patch: avoid timing attacks in lib/gnutls_cipher.c, lib/gnutls_hash_int.h. - CVE-2013-1619 -- Marc Deslauriers <email address hidden> Mon, 25 Feb 2013 12:36:24 -0500
Available diffs
gnutls26 (2.10.5-1ubuntu3.3) oneiric-security; urgency=low * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack - debian/patches/CVE-2013-1619.patch: avoid timing attacks in lib/gnutls_cipher.c, lib/gnutls_hash_int.h. - CVE-2013-1619 -- Marc Deslauriers <email address hidden> Mon, 25 Feb 2013 11:52:02 -0500
Available diffs
gnutls26 (2.12.14-5ubuntu3.2) precise-security; urgency=low * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack - debian/patches/CVE-2013-1619.patch: avoid timing attacks in lib/gnutls_cipher.c, lib/gnutls_hash_int.h. - CVE-2013-1619 -- Marc Deslauriers <email address hidden> Mon, 25 Feb 2013 11:43:21 -0500
Available diffs
gnutls26 (2.12.14-5ubuntu4.2) quantal-security; urgency=low * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack - debian/patches/CVE-2013-1619.patch: avoid timing attacks in lib/gnutls_cipher.c, lib/gnutls_hash_int.h. - CVE-2013-1619 -- Marc Deslauriers <email address hidden> Mon, 25 Feb 2013 11:31:46 -0500
Available diffs
gnutls26 (2.12.14-5ubuntu4.1) quantal-proposed; urgency=low * debian/patches/lp1095052.patch: - Added new patch, derived from an upstream revision, which provides a fix for an issue where client certificate authentication will fail. (LP: #1095052) -- Thomas Ward <email address hidden> Mon, 07 Jan 2013 19:52:48 +0000
Available diffs
gnutls26 (2.12.20-2ubuntu1) raring; urgency=low * Resynchronise with Debian. Remaining changes: - Build gnutls-bin from this source package rather than from gnutls28: gnutls28's licensing is currently too strict for many of the free software packages built against it in Ubuntu main and we only want to support a single version. Bump its version to achieve this. * Avoid assuming that gets is declared.
Available diffs
gnutls26 (2.8.5-2ubuntu0.2) lucid-proposed; urgency=low * Apply upstream patch to fix validation of certificates when more than one with the same short hash exists in the CA bundle (LP: #1003841). -- Thorsten Glaser <email address hidden> Thu, 31 May 2012 14:07:11 +0200
Available diffs
gnutls26 (2.10.5-1ubuntu3.2) oneiric-proposed; urgency=low * Apply upstream patch to fix validation of certificates when more than one with the same short hash exists in the CA bundle (LP: #1003841). -- Thorsten Glaser <email address hidden> Thu, 24 May 2012 11:10:16 +0200
Available diffs
gnutls26 (2.12.14-5ubuntu3.1) precise-proposed; urgency=low * Apply upstream patch to fix validation of certificates when more than one with the same short hash exists in the CA bundle (LP: #1003841). -- Thorsten Glaser <email address hidden> Thu, 24 May 2012 11:19:12 +0200
Available diffs
gnutls26 (2.12.14-5ubuntu4) quantal; urgency=low * Apply upstream patch to fix validation of certificates when more than one with the same short hash exists in the CA bundle (LP: #1003841). -- Thorsten Glaser <email address hidden> Thu, 24 May 2012 11:19:12 +0200
Available diffs
gnutls26 (2.12.14-5ubuntu3) precise; urgency=low * SECURITY UPDATE: Denial of service via crafted TLS record (LP: #978661) - debian/patches/CVE-2012-1573.patch: Validate the size of a GenericBlockCipher structure as it is processed. Based on upstream patch. - CVE-2012-1573 -- Tyler Hicks <email address hidden> Wed, 11 Apr 2012 02:52:23 -0500
Available diffs
- diff from 2.12.14-5ubuntu2 to 2.12.14-5ubuntu3 (1005 bytes)
gnutls26 (2.8.5-2ubuntu0.1) lucid-security; urgency=low * SECURITY UPDATE: Denial of service in client application - debian/patches/CVE-2011-4128.patch: Fix buffer bounds check when copying session data. Based on upstream patch. - CVE-2011-4128 * SECURITY UPDATE: Denial of service via crafted TLS record - debian/patches/CVE-2012-1573.patch: Validate the size of a GenericBlockCipher structure as it is processed. Based on upstream patch. - CVE-2012-1573 -- Tyler Hicks <email address hidden> Wed, 04 Apr 2012 11:13:02 -0500
Available diffs
gnutls26 (2.8.6-1ubuntu0.1) maverick-security; urgency=low * SECURITY UPDATE: Denial of service in client application - debian/patches/CVE-2011-4128.patch: Fix buffer bounds check when copying session data. Based on upstream patch. - CVE-2011-4128 * SECURITY UPDATE: Denial of service via crafted TLS record - debian/patches/CVE-2012-1573.patch: Validate the size of a GenericBlockCipher structure as it is processed. Based on upstream patch. - CVE-2012-1573 -- Tyler Hicks <email address hidden> Wed, 04 Apr 2012 11:13:02 -0500
Available diffs
gnutls26 (2.8.6-1ubuntu2.1) natty-security; urgency=low * SECURITY UPDATE: Denial of service in client application - debian/patches/CVE-2011-4128.patch: Fix buffer bounds check when copying session data. Based on upstream patch. - CVE-2011-4128 * SECURITY UPDATE: Denial of service via crafted TLS record - debian/patches/CVE-2012-1573.patch: Validate the size of a GenericBlockCipher structure as it is processed. Based on upstream patch. - CVE-2012-1573 -- Tyler Hicks <email address hidden> Wed, 04 Apr 2012 11:13:02 -0500
Available diffs
gnutls26 (2.10.5-1ubuntu3.1) oneiric-security; urgency=low * SECURITY UPDATE: Denial of service in client application - debian/patches/CVE-2011-4128.patch: Fix buffer bounds check when copying session data. Based on upstream patch. - CVE-2011-4128 * SECURITY UPDATE: Denial of service via crafted TLS record - debian/patches/CVE-2012-1573.patch: Validate the size of a GenericBlockCipher structure as it is processed. Based on upstream patch. - CVE-2012-1573 -- Tyler Hicks <email address hidden> Wed, 04 Apr 2012 11:13:02 -0500
Available diffs
Superseded in precise-release |
gnutls26 (2.12.14-5ubuntu2) precise; urgency=low * Bump the version of gnutls-doc too, for the same reason as gnutls-bin. -- Colin Watson <email address hidden> Tue, 24 Jan 2012 20:05:00 +0000
Available diffs
- diff from 2.12.14-5ubuntu1 to 2.12.14-5ubuntu2 (764 bytes)
Superseded in precise-release |
gnutls26 (2.12.14-5ubuntu1) precise; urgency=low * Start building gnutls-bin from this source package again, superseding the version in gnutls28: gnutls28's licensing is currently too strict for many of the free software packages built against it in Ubuntu main and we only want to support a single version. Bump its version to achieve this. -- Colin Watson <email address hidden> Tue, 24 Jan 2012 18:18:46 +0000
Available diffs
- diff from 2.12.14-5 to 2.12.14-5ubuntu1 (2.1 KiB)
gnutls26 (2.12.14-5) unstable; urgency=low * Disable gnutls-guile package, let it be provided by gnutls28. -- Ubuntu Archive Auto-Sync <email address hidden> Thu, 29 Dec 2011 09:50:08 +0000
Available diffs
- diff from 2.12.14-4 to 2.12.14-5 (2.1 KiB)
gnutls26 (2.12.14-4) unstable; urgency=low * Prepare for uploading gnutls28 to unstable. + Drop gnutls-bin package, it is going to be provided by gnutls28. + Binaries are still useful for debugging, ship them with libgnutls-dbg in LIBDIR/libgnutls26. -- Ubuntu Archive Auto-Sync <email address hidden> Wed, 14 Dec 2011 09:46:05 +0000
Available diffs
gnutls26 (2.12.14-3) unstable; urgency=low * [20_tests-select.diff] Do not run gnulib test-select test anymore. The test fails on kfreebsd-i386, the gnutls library does not use select(). Closes: #648247 -- Andreas Metzler <email address hidden> Tue, 15 Nov 2011 19:10:06 +0100
Available diffs
gnutls26 (2.12.11-1) unstable; urgency=low * New upstream version. + Allow CA importing of 0 certificates to succeed. Closes: #640639 * Add libp11-kit-dev to libgnutls-dev dependencies. (see #643811) * [20_guiledocstring.diff] guile: Fix docstring extraction with CPP 4.5+.
Available diffs
gnutls26 (2.10.5-1ubuntu3) oneiric; urgency=low * Backport from Debian (Andreas Metzler, LP: #829467): - [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5. -- Colin Watson <email address hidden> Thu, 25 Aug 2011 17:23:22 +0100
Available diffs
Superseded in oneiric-release |
gnutls26 (2.10.5-1ubuntu2) oneiric; urgency=low * debian/libgnutlsxx26.install, debian/control: convert libgnutlsxx26 for multiarch as well. -- Steve Langasek <email address hidden> Fri, 20 May 2011 14:26:01 -0700
Available diffs
- diff from 2.10.5-1ubuntu1 to 2.10.5-1ubuntu2 (684 bytes)
Superseded in oneiric-release |
gnutls26 (2.10.5-1ubuntu1) oneiric; urgency=low * Merge from Debian unstable, remaining changes: - Fix build failure with --no-add-needed. - Build for multiarch.
Available diffs
gnutls26 (2.8.6-1ubuntu2) natty; urgency=low * FFe LP: #733501: Build for multiarch. -- Steve Langasek <email address hidden> Mon, 21 Mar 2011 22:19:18 -0700
Available diffs
Superseded in natty-release |
gnutls26 (2.8.6-1ubuntu1) natty; urgency=low * Fix build failure with --no-add-needed. -- Matthias Klose <email address hidden> Thu, 18 Nov 2010 17:15:37 +0100
Available diffs
- diff from 2.8.6-1 to 2.8.6-1ubuntu1 (1.1 KiB)
gnutls26 (2.8.6-1) unstable; urgency=low * Use dh_lintian. * Use dh_makeshlibs for the guile stuff, too. This gets us a) ldconfig in postinst. Closes: #553109 and b) a shlibs file. However the shared objects /usr/lib/libguile-gnutls*so* are still not designed to be used as libraries (linking) but are dlopened. guile-1.10 will address this issue by keeping this stuff in a private directory. * hotfix pkg-config files (proper fix to be included upstream). * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff -- Ubuntu Archive Auto-Sync <email address hidden> Sun, 09 May 2010 13:50:55 +0100
Available diffs
- diff from 2.8.5-2 to 2.8.6-1 (1012.6 KiB)
gnutls26 (2.8.5-2) unstable; urgency=low * Add a huge bunch of lintian overrides for the guile stuff to make dak happy.
Available diffs
- diff from 2.8.4-2 to 2.8.5-2 (51.1 KiB)
gnutls26 (2.8.4-2) unstable; urgency=high * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920 -- Ubuntu Archive Auto-Sync <email address hidden> Tue, 10 Nov 2009 01:36:55 +0000
Available diffs
- diff from 2.8.4-1 to 2.8.4-2 (723 bytes)
gnutls26 (2.8.4-1) unstable; urgency=low * New upstream version. + Drop debian/patches/15_openpgp.diff. * Sync priorities with override file, libgnutls26 has been bumped from important to standard.
Available diffs
- diff from 2.8.3-2 to 2.8.4-1 (74.6 KiB)
1 → 75 of 96 results | First • Previous • Next • Last |