Format: 1.8 Date: Thu, 30 Apr 2009 19:00:21 +0200 Source: gnutls26 Binary: libgnutls-dev libgnutls26 libgnutls26-dbg gnutls-bin gnutls-doc guile-gnutls Architecture: armel_translations armel Version: 2.6.6-1 Distribution: karmic Urgency: high Maintainer: Ubuntu/armel Build Daemon Changed-By: Andreas Metzler Description: gnutls-bin - the GNU TLS library - commandline utilities gnutls-doc - the GNU TLS library - documentation and examples guile-gnutls - the GNU TLS library - GNU Guile bindings libgnutls-dev - the GNU TLS library - development files libgnutls26 - the GNU TLS library - runtime library libgnutls26-dbg - GNU TLS library - debugger symbols Changes: gnutls26 (2.6.6-1) unstable; urgency=high . * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so. * New upstream security release. + libgnutls: Corrected double free on signature verification failure. GNUTLS-SA-2009-1 CVE-2009-1415 + libgnutls: Fix DSA key generation. Noticed when investigating the previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS 2.6.x are corrupt. See the advisory for more details. GNUTLS-SA-2009-2 CVE-2009-1416 + libgnutls: Check expiration/activation time on untrusted certificates. Before the library did not check activation/expiration times on certificates, and was documented as not doing so. GNUTLS-SA-2009-3 CVE-2009-1417 * The former two issues only apply to gnutls 2.6.x. The latter is a brehavior change, add a NEWS.Debian file to document it. Checksums-Sha1: 13e654b790d1f402fb54a7013ab9803cc75dda7d 31476 gnutls26_2.6.6-1_armel_translations.tar.gz 65ca1412f7884d9a4c1f1b09ab9412776ab8197e 412042 libgnutls-dev_2.6.6-1_armel.deb ed82debb8a021d62273f646fff792d22e4c3fb49 391120 libgnutls26_2.6.6-1_armel.deb 3c3e6dc512daff2a229f346979f4cb0b9f18432b 901352 libgnutls26-dbg_2.6.6-1_armel.deb c30292ec40bbb4827cc28c16c56895d60881d5d1 132760 gnutls-bin_2.6.6-1_armel.deb a519da23acb3bd4f3edb47d1dab810929a18ba96 62930 guile-gnutls_2.6.6-1_armel.deb Checksums-Sha256: ffb3beaa1cffab7d7d3dd29a940f35cd0833a3e4eb2757a1a915fee7653e4563 31476 gnutls26_2.6.6-1_armel_translations.tar.gz 73cff917f0dc3c918c6fe7a063f745ef090f6f74fb562d34509b249a4e9e3833 412042 libgnutls-dev_2.6.6-1_armel.deb 2a63cdde98fcc6146b012930a9a700abecd34280c357ef1575c6418a7f3b1826 391120 libgnutls26_2.6.6-1_armel.deb bcf29ec2570acea26bce5cbba7e7a6f1ed04965f21524877fe11e274aa0c8449 901352 libgnutls26-dbg_2.6.6-1_armel.deb 8e8a4b75c818827d9fd1658fde4b848ce72fdfd2b534a8db08409947f092eb44 132760 gnutls-bin_2.6.6-1_armel.deb 7915671d84f1a472e6c5b4c8d46eaa1af58ba66653c7bbc7054b83e47aab3be7 62930 guile-gnutls_2.6.6-1_armel.deb Files: 29319d33c556b4f8640f5388d0da228d 31476 raw-translations - gnutls26_2.6.6-1_armel_translations.tar.gz 0cbee776d872152cdfc3962fb977c40c 412042 libdevel optional libgnutls-dev_2.6.6-1_armel.deb 5907414f286eeed794dbc4d071ea5d93 391120 libs important libgnutls26_2.6.6-1_armel.deb a5cfa551219f120ae36c23aed13579ab 901352 debug extra libgnutls26-dbg_2.6.6-1_armel.deb 4dd9a905ae86f22810f02d003b5d8fd9 132760 net optional gnutls-bin_2.6.6-1_armel.deb acd4bba6452b9ce73372aaabe49465d0 62930 lisp optional guile-gnutls_2.6.6-1_armel.deb