Change log for gnutls28 package in Ubuntu
1 → 75 of 166 results | First • Previous • Next • Last |
Published in oracular-proposed |
Superseded in oracular-proposed |
Published in noble-updates |
Published in noble-security |
gnutls28 (3.8.3-1.1ubuntu3.1) noble-security; urgency=medium * SECURITY UPDATE: side-channel leak via Minerva attack - debian/patches/CVE-2024-28834.patch: avoid normalization of mpz_t in deterministic ECDSA in lib/nettle/int/dsa-compute-k.c, lib/nettle/int/dsa-compute-k.h, lib/nettle/int/ecdsa-compute-k.c, lib/nettle/int/ecdsa-compute-k.h, lib/nettle/pk.c, tests/sign-verify-deterministic.c. - CVE-2024-28834 * SECURITY UPDATE: crash via specially-crafted cert bundle - debian/patches/CVE-2024-28835.patch: remove length limit of input in lib/gnutls_int.h, lib/x509/common.c, lib/x509/verify-high.c, tests/test-chains.h. - CVE-2024-28835 -- Marc Deslauriers <email address hidden> Thu, 18 Apr 2024 09:54:34 -0400
Available diffs
gnutls28 (3.7.3-4ubuntu1.5) jammy-security; urgency=medium * SECURITY UPDATE: side-channel leak via Minerva attack - debian/patches/CVE-2024-28834.patch: avoid normalization of mpz_t in deterministic ECDSA in lib/nettle/int/dsa-compute-k.c, lib/nettle/int/dsa-compute-k.h, lib/nettle/int/ecdsa-compute-k.c, lib/nettle/int/ecdsa-compute-k.h, lib/nettle/pk.c, tests/sign-verify-deterministic.c. - CVE-2024-28834 * SECURITY UPDATE: crash via specially-crafted cert bundle - debian/patches/CVE-2024-28835.patch: remove length limit of input in lib/gnutls_int.h, lib/x509/common.c, lib/x509/verify-high.c, tests/test-chains.h. - CVE-2024-28835 -- Marc Deslauriers <email address hidden> Fri, 12 Apr 2024 09:51:00 -0400
Available diffs
gnutls28 (3.6.13-2ubuntu1.11) focal-security; urgency=medium * SECURITY UPDATE: side-channel leak via Minerva attack - debian/patches/CVE-2024-28834.patch: avoid normalization of mpz_t in deterministic ECDSA in lib/nettle/int/dsa-compute-k.c, lib/nettle/int/dsa-compute-k.h, lib/nettle/int/ecdsa-compute-k.c, lib/nettle/int/ecdsa-compute-k.h, lib/nettle/pk.c, tests/sign-verify-deterministic.c. - CVE-2024-28834 -- Marc Deslauriers <email address hidden> Fri, 12 Apr 2024 09:56:37 -0400
Available diffs
gnutls28 (3.8.1-4ubuntu1.3) mantic-security; urgency=medium * SECURITY UPDATE: side-channel leak via Minerva attack - debian/patches/CVE-2024-28834.patch: avoid normalization of mpz_t in deterministic ECDSA in lib/nettle/int/dsa-compute-k.c, lib/nettle/int/dsa-compute-k.h, lib/nettle/int/ecdsa-compute-k.c, lib/nettle/int/ecdsa-compute-k.h, lib/nettle/pk.c, tests/sign-verify-deterministic.c. - CVE-2024-28834 * SECURITY UPDATE: crash via specially-crafted cert bundle - debian/patches/CVE-2024-28835.patch: remove length limit of input in lib/gnutls_int.h, lib/x509/common.c, lib/x509/verify-high.c, tests/test-chains.h. - CVE-2024-28835 -- Marc Deslauriers <email address hidden> Fri, 12 Apr 2024 09:12:36 -0400
Available diffs
Published in oracular-release |
Published in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
gnutls28 (3.8.3-1.1ubuntu3) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek <email address hidden> Sun, 31 Mar 2024 06:17:25 +0000
Available diffs
gnutls28 (3.8.3-1.1ubuntu2) noble; urgency=medium * No-change rebuild against libhogweed6t64. -- Matthias Klose <email address hidden> Tue, 05 Mar 2024 16:42:37 +0100
Available diffs
Superseded in noble-proposed |
gnutls28 (3.8.3-1.1ubuntu1) noble; urgency=medium * Merge with Debian; remaining changes: - Enable CET. - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar). - Forcefully disable TLS 1.0 and 1.1 through /etc/gnutls/config. - Forcefully disable DTLS 0.9 and 1.0 through /etc/gnutls/config. - Fix logic for i386 autopkgtest on an amd64 host - Don't run the testsuite under the influence of a configuration file.
Available diffs
- diff from 3.8.3-1ubuntu2 to 3.8.3-1.1ubuntu1 (19.6 KiB)
Superseded in noble-proposed |
gnutls28 (3.8.3-1ubuntu2) noble; urgency=medium * No-change rebuild against libhogweed6t64 -- Steve Langasek <email address hidden> Sun, 03 Mar 2024 06:23:24 +0000
Available diffs
- diff from 3.8.3-1ubuntu1 to 3.8.3-1ubuntu2 (325 bytes)
Deleted in noble-updates (Reason: superseded by release) |
Superseded in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
gnutls28 (3.8.3-1ubuntu1) noble; urgency=medium * Merge from Debian unstable. Remaining changes: - Enable CET. - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar). - Forcefully disable TLS 1.0 and 1.1 through /etc/gnutls/config. - Forcefully disable DTLS 0.9 and 1.0 through /etc/gnutls/config. - Fix logic for i386 autopkgtest on an amd64 host - Don't run the testsuite under the influence of a configuration file. * debian/patches/CVE-2023-5981.patch: dropped, included in new version.
Available diffs
- diff from 3.8.1-4ubuntu7 to 3.8.3-1ubuntu1 (250.5 KiB)
gnutls28 (3.6.13-2ubuntu1.10) focal-security; urgency=medium * SECURITY UPDATE: timing side-channel attack in the RSA-PSK key exchange - debian/patches/CVE-2024-0553.patch: minimize branching after decryption in lib/auth/rsa_psk.c. - CVE-2024-0553 -- Marc Deslauriers <email address hidden> Thu, 18 Jan 2024 12:25:14 -0500
Available diffs
gnutls28 (3.7.3-4ubuntu1.4) jammy-security; urgency=medium * SECURITY UPDATE: timing side-channel attack in the RSA-PSK key exchange - debian/patches/CVE-2024-0553.patch: minimize branching after decryption in lib/auth/rsa_psk.c. - CVE-2024-0553 * SECURITY UPDATE: DoS via certificate chain with distributed trust - debian/patches/CVE-2024-0567.patch: detect loop in certificate chain in lib/x509/common.c, tests/test-chains.h. - CVE-2024-0567 -- Marc Deslauriers <email address hidden> Thu, 18 Jan 2024 12:22:01 -0500
Available diffs
gnutls28 (3.7.8-5ubuntu1.2) lunar-security; urgency=medium * SECURITY UPDATE: timing side-channel attack in the RSA-PSK key exchange - debian/patches/CVE-2024-0553.patch: minimize branching after decryption in lib/auth/rsa_psk.c. - CVE-2024-0553 * SECURITY UPDATE: DoS via certificate chain with distributed trust - debian/patches/CVE-2024-0567.patch: detect loop in certificate chain in lib/x509/common.c, tests/test-chains.h. - CVE-2024-0567 -- Marc Deslauriers <email address hidden> Thu, 18 Jan 2024 11:20:36 -0500
Available diffs
gnutls28 (3.8.1-4ubuntu1.2) mantic-security; urgency=medium * SECURITY UPDATE: timing side-channel attack in the RSA-PSK key exchange - debian/patches/CVE-2024-0553.patch: minimize branching after decryption in lib/auth/rsa_psk.c. - CVE-2024-0553 * SECURITY UPDATE: DoS via certificate chain with distributed trust - debian/patches/CVE-2024-0567.patch: detect loop in certificate chain in lib/x509/common.c, tests/test-chains.h. - CVE-2024-0567 -- Marc Deslauriers <email address hidden> Thu, 18 Jan 2024 11:12:38 -0500
Available diffs
gnutls28 (3.8.1-4ubuntu7) noble; urgency=medium * Forcefully disable DTLS 0.9 and 1.0 through /etc/gnutls/config. See lp-merge #458092 for context. -- Adrien Nader <email address hidden> Wed, 03 Jan 2024 15:06:38 +0100
Available diffs
- diff from 3.8.1-4ubuntu6 to 3.8.1-4ubuntu7 (486 bytes)
gnutls28 (3.8.1-4ubuntu6) noble; urgency=medium * SECURITY UPDATE: timing side-channel inside RSA-PSK key exchange - debian/patches/CVE-2023-5981.patch: side-step potential side-channel in lib/auth/rsa.c, lib/auth/rsa_psk.c, lib/gnutls_int.h, lib/priority.c. - CVE-2023-5981 -- Marc Deslauriers <email address hidden> Thu, 23 Nov 2023 14:04:17 -0500
Available diffs
- diff from 3.8.1-4ubuntu1 to 3.8.1-4ubuntu6 (3.5 KiB)
- diff from 3.8.1-4ubuntu5 to 3.8.1-4ubuntu6 (2.9 KiB)
Superseded in noble-proposed |
gnutls28 (3.8.1-4ubuntu5) noble; urgency=medium * armhf (-fstack-clash-protection) breakage rebuild -- Mate Kukri <email address hidden> Thu, 23 Nov 2023 15:13:53 +0000
Available diffs
- diff from 3.8.1-4ubuntu4 to 3.8.1-4ubuntu5 (351 bytes)
gnutls28 (3.6.13-2ubuntu1.9) focal-security; urgency=medium * SECURITY UPDATE: timing side-channel inside RSA-PSK key exchange - debian/patches/CVE-2023-5981.patch: side-step potential side-channel in lib/auth/rsa.c, lib/auth/rsa_psk.c, lib/gnutls_int.h, lib/priority.c. - CVE-2023-5981 -- Marc Deslauriers <email address hidden> Fri, 17 Nov 2023 09:20:22 -0500
Available diffs
Superseded in noble-proposed |
gnutls28 (3.8.1-4ubuntu4) noble; urgency=medium * Don't run the testsuite under the influence of a configuration file. -- Adrien Nader <email address hidden> Fri, 17 Nov 2023 11:08:39 +0100
Available diffs
- diff from 3.8.1-4ubuntu3 to 3.8.1-4ubuntu4 (538 bytes)
gnutls28 (3.7.3-4ubuntu1.3) jammy-security; urgency=medium * SECURITY UPDATE: timing side-channel inside RSA-PSK key exchange - debian/patches/CVE-2023-5981.patch: side-step potential side-channel in lib/auth/rsa.c, lib/auth/rsa_psk.c, lib/gnutls_int.h, lib/priority.c. - CVE-2023-5981 -- Marc Deslauriers <email address hidden> Fri, 17 Nov 2023 09:19:42 -0500
Available diffs
gnutls28 (3.7.8-5ubuntu1.1) lunar-security; urgency=medium * SECURITY UPDATE: timing side-channel inside RSA-PSK key exchange - debian/patches/CVE-2023-5981.patch: side-step potential side-channel in lib/auth/rsa.c, lib/auth/rsa_psk.c, lib/gnutls_int.h, lib/priority.c. - CVE-2023-5981 -- Marc Deslauriers <email address hidden> Fri, 17 Nov 2023 09:18:54 -0500
Available diffs
gnutls28 (3.8.1-4ubuntu1.1) mantic-security; urgency=medium * SECURITY UPDATE: timing side-channel inside RSA-PSK key exchange - debian/patches/CVE-2023-5981.patch: side-step potential side-channel in lib/auth/rsa.c, lib/auth/rsa_psk.c, lib/gnutls_int.h, lib/priority.c. - CVE-2023-5981 -- Marc Deslauriers <email address hidden> Fri, 17 Nov 2023 09:08:46 -0500
Available diffs
Superseded in noble-proposed |
gnutls28 (3.8.1-4ubuntu3) noble; urgency=medium * Forcefully disable TLS 1.0 and 1.1 through /etc/gnutls/config. -- Adrien Nader <email address hidden> Fri, 27 Oct 2023 17:41:58 -0400
Available diffs
- diff from 3.8.1-4ubuntu2 to 3.8.1-4ubuntu3 (503 bytes)
Superseded in noble-proposed |
gnutls28 (3.8.1-4ubuntu2) noble; urgency=medium * Rebuild against latest libunistring -- Jeremy BĂcha <email address hidden> Fri, 27 Oct 2023 06:48:46 -0400
Available diffs
- diff from 3.8.1-4ubuntu1 to 3.8.1-4ubuntu2 (335 bytes)
Superseded in noble-release |
Published in mantic-release |
Deleted in mantic-proposed (Reason: Moved to mantic) |
gnutls28 (3.8.1-4ubuntu1) mantic; urgency=medium * Merge from Debian unstable. Remaining changes: - Enable CET. - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar). * Fix logic for i386 autopkgtest on an amd64 host
Available diffs
- diff from 3.7.9-2ubuntu1 to 3.8.1-4ubuntu1 (4.9 MiB)
- diff from 3.8.1-3ubuntu1 to 3.8.1-4ubuntu1 (2.2 KiB)
Superseded in mantic-proposed |
gnutls28 (3.8.1-3ubuntu1) mantic; urgency=low * Merge from Debian unstable. Remaining changes: - Enable CET. - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar).
Available diffs
gnutls28 (3.7.9-2ubuntu1) mantic; urgency=low * Merge from Debian unstable. Remaining changes: - Enable CET. - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar).
Available diffs
- diff from 3.7.8-5ubuntu1 to 3.7.9-2ubuntu1 (380.1 KiB)
Superseded in mantic-release |
Published in lunar-release |
Deleted in lunar-proposed (Reason: Moved to lunar) |
gnutls28 (3.7.8-5ubuntu1) lunar; urgency=medium * Merge from Debian unstable. Remaining changes: - Enable CET. - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar).
Available diffs
gnutls28 (3.7.3-4ubuntu1.2) jammy-security; urgency=medium * SECURITY UPDATE: timing sidechannel in RSA decryption - debian/patches/CVE-2023-0361-1.patch: side-step potential side-channel in lib/auth/rsa.c. - debian/patches/CVE-2023-0361-2.patch: remove dead code in lib/auth/rsa.c. - CVE-2023-0361 -- Marc Deslauriers <email address hidden> Tue, 14 Feb 2023 16:13:17 -0500
Available diffs
gnutls28 (3.6.13-2ubuntu1.8) focal-security; urgency=medium * SECURITY UPDATE: timing sidechannel in RSA decryption - debian/patches/CVE-2023-0361-1.patch: side-step potential side-channel in lib/auth/rsa.c. - debian/patches/CVE-2023-0361-2.patch: remove dead code in lib/auth/rsa.c. - CVE-2023-0361 -- Marc Deslauriers <email address hidden> Tue, 14 Feb 2023 16:13:51 -0500
Available diffs
gnutls28 (3.7.7-2ubuntu2.1) kinetic-security; urgency=medium * SECURITY UPDATE: timing sidechannel in RSA decryption - debian/patches/CVE-2023-0361-1.patch: side-step potential side-channel in lib/auth/rsa.c. - debian/patches/CVE-2023-0361-2.patch: remove dead code in lib/auth/rsa.c. - CVE-2023-0361 -- Marc Deslauriers <email address hidden> Tue, 14 Feb 2023 16:10:15 -0500
Available diffs
gnutls28 (3.7.8-4ubuntu1) lunar; urgency=medium * Merge from Debian unstable. Remaining changes: - Enable CET. - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar). * Dropped changes: - Reduce parallelism in build to 2 to address FTBFS with lto -- Adrien Nader <email address hidden> Thu, 19 Jan 2023 14:47:39 +0100
Available diffs
- diff from 3.7.7-2ubuntu2 to 3.7.8-4ubuntu1 (412.8 KiB)
Superseded in lunar-release |
Obsolete in kinetic-release |
Deleted in kinetic-proposed (Reason: Moved to kinetic) |
gnutls28 (3.7.7-2ubuntu2) kinetic; urgency=medium * Fix Segmentation Fault due to misdetected Intel AVX support (LP: #1988398) -- Gregor Jasny <email address hidden> Thu, 01 Sep 2022 07:42:53 +0100
Available diffs
gnutls28 (3.7.3-4ubuntu1.1) jammy-security; urgency=medium * SECURITY UPDATE: Double free in verification of pkcs7 signatures - debian/patches/CVE-2022-2509.patch: fix double free during gnutls_pkcs7_verify in lib/x509/pkcs7.c, tests/pkcs7-verify-double-free.c, tests/Makefile.am. - CVE-2022-2509 -- Marc Deslauriers <email address hidden> Tue, 02 Aug 2022 08:48:56 -0400
Available diffs
gnutls28 (3.5.18-1ubuntu1.6) bionic-security; urgency=medium * SECURITY UPDATE: Null pointer dereference in MD_UPDATE - debian/patches/CVE-2021-4209.patch: avoid calling _update with zero-length input in lib/nettle/mac.c. - CVE-2021-4209 * SECURITY UPDATE: Double free in verification of pkcs7 signatures - debian/patches/CVE-2022-2509.patch: fix double free during gnutls_pkcs7_verify in lib/x509/pkcs7.c, tests/pkcs7-verify-double-free.c, tests/Makefile.am. - CVE-2022-2509 -- Marc Deslauriers <email address hidden> Tue, 02 Aug 2022 08:58:39 -0400
Available diffs
gnutls28 (3.6.13-2ubuntu1.7) focal-security; urgency=medium * SECURITY UPDATE: Null pointer dereference in MD_UPDATE - debian/patches/CVE-2021-4209.patch: avoid calling _update with zero-length input in lib/nettle/mac.c. - CVE-2021-4209 * SECURITY UPDATE: Double free in verification of pkcs7 signatures - debian/patches/CVE-2022-2509.patch: fix double free during gnutls_pkcs7_verify in lib/x509/pkcs7.c, tests/pkcs7-verify-double-free.c, tests/Makefile.am. - CVE-2022-2509 -- Marc Deslauriers <email address hidden> Tue, 02 Aug 2022 08:50:52 -0400
Available diffs
gnutls28 (3.7.7-2ubuntu1) kinetic; urgency=low * Merge from Debian unstable. Remaining changes: - Enable CET. - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar). - Reduce parallelism in build to 2 to address FTBFS with lto
Available diffs
- diff from 3.7.6-2ubuntu1 to 3.7.7-2ubuntu1 (411.8 KiB)
gnutls28 (3.7.6-2ubuntu1) kinetic; urgency=low * Merge from Debian unstable. Remaining changes: - Enable CET. - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar). - Reduce parallelism in build to 2 to address FTBFS with lto
Available diffs
- diff from 3.7.4-2ubuntu1 to 3.7.6-2ubuntu1 (627.7 KiB)
gnutls28 (3.7.4-2ubuntu1) kinetic; urgency=low * Merge from Debian unstable. Remaining changes: - Enable CET. - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar). - Reduce parallelism in build to 2 to address FTBFS with lto
Available diffs
- diff from 3.7.3-4ubuntu1 to 3.7.4-2ubuntu1 (913.5 KiB)
- diff from 3.7.4-2 (in Debian) to 3.7.4-2ubuntu1 (4.0 KiB)
gnutls28 (3.7.4-2) unstable; urgency=low * 40_srptest_doubletimeout.diff: Increase timeout for tests/srp to fix occasionasonal error on slow buildds (mipsel, hppa). * Upload to unstable. -- Andreas Metzler <email address hidden> Thu, 14 Apr 2022 08:54:25 +0200
Superseded in kinetic-release |
Published in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
gnutls28 (3.7.3-4ubuntu1) jammy; urgency=low * Merge from Debian unstable. Remaining changes: - Enable CET. - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar). - Reduce parallelism in build to 2 to address FTBFS with lto
Available diffs
gnutls28 (3.7.2-5ubuntu1) jammy; urgency=low * Merge from Debian unstable. Remaining changes: - Enable CET. - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar). - Reduce parallelism in build to 2 to address FTBFS with lto
Available diffs
gnutls28 (3.7.2-4ubuntu1) jammy; urgency=low * Merge from Debian unstable. Remaining changes: - Enable CET. - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar). - Reduce parallelism in build to 2 to address FTBFS with lto
Available diffs
gnutls28 (3.7.2-2ubuntu1) jammy; urgency=low * Merge from Debian unstable. Remaining changes: - Enable CET. - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar). - Reduce parallelism in build to 2 to address FTBFS with lto
Available diffs
- diff from 3.7.1-5ubuntu1 to 3.7.2-2ubuntu1 (911.1 KiB)
gnutls28 (3.4.10-4ubuntu1.9) xenial; urgency=medium * Backport patches from Upstream/Debian to check validity against system certs. This is to allow correctly validating default letsencrypt chains that now also include a redundant expired certficate. LP: #1928648 -- Dimitri John Ledkov <email address hidden> Fri, 27 Aug 2021 14:19:17 +0100
Available diffs
gnutls28 (3.5.18-1ubuntu1.5) bionic; urgency=medium * Backport patches from Upstream/Debian to check validity against system certs. This is to allow correctly validating default letsencrypt chains that now also include a redundant expired certficate. LP: #1928648 -- Dimitri John Ledkov <email address hidden> Wed, 25 Aug 2021 19:11:11 +0100
Available diffs
Superseded in jammy-release |
Obsolete in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
gnutls28 (3.7.1-5ubuntu1) impish; urgency=low * Merge from Debian unstable (LP: #1939739). Remaining changes: - Enable CET. - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar). - Reduce parallelism in build to 2 to address FTBFS with lto * Add LP bug number to previous merge entry in changelog
Available diffs
gnutls28 (3.6.13-2ubuntu1.6) focal-security; urgency=medium * SECURITY UPDATE: use after free issue in key_share extension - debian/patches/CVE-2021-20231.patch: avoid use-after-free around realloc in lib/ext/key_share.c. - CVE-2021-20231 * SECURITY UPDATE: use after free issue in client_send_params - debian/patches/CVE-2021-20232.patch: avoid use-after-free around realloc in lib/ext/pre_shared_key.c. - CVE-2021-20232 -- Marc Deslauriers <email address hidden> Mon, 02 Aug 2021 09:56:04 -0400
Available diffs
- diff from 3.6.13-2ubuntu1.3 to 3.6.13-2ubuntu1.6 (3.6 KiB)
- diff from 3.6.13-2ubuntu1.5~test1 to 3.6.13-2ubuntu1.6 (pending)
gnutls28 (3.7.1-4ubuntu1) impish; urgency=low * Merge from Debian unstable. Remaining changes: - Enable CET. - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar). * Fix FTBFS with lto - reduce parallelism to 2. LP: #1922004
Available diffs
- diff from 3.7.1-3ubuntu1 to 3.7.1-4ubuntu1 (18.0 KiB)
Superseded in impish-release |
Obsolete in hirsute-release |
Deleted in hirsute-proposed (Reason: Moved to hirsute) |
gnutls28 (3.7.1-3ubuntu1) hirsute; urgency=medium * Merge from Debian unstable. Remaining changes: - Enable CET. - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar). * Fix FTBFS with lto - reduce parallelism to 2. LP: #1922004 * Merge CVE fixes CVE-2021-20231 CVE-2021-20232
Available diffs
- diff from 3.7.0-5ubuntu1 to 3.7.1-3ubuntu1 (386.6 KiB)
Deleted in focal-proposed (Reason: moved to -updates) |
gnutls28 (3.6.13-2ubuntu1.5) focal; urgency=medium * testpkcs11: use datefudge to allow testing with expired certificates. (LP: #1910255) * debian/patches/update-status-request-revoked.patch: update the status-request-revoked.c test so that it passes and the package builds. -- Brian Murray <email address hidden> Mon, 01 Mar 2021 12:27:48 -0800
Available diffs
Superseded in focal-proposed |
gnutls28 (3.6.13-2ubuntu1.4) focal; urgency=medium * testpkcs11: use datefudge to allow testing with expired certificates. (LP: #1910255) -- Brian Murray <email address hidden> Mon, 01 Mar 2021 12:27:48 -0800
Available diffs
Deleted in groovy-proposed (Reason: The package was removed due to its SRU bug(s) not being v...) |
gnutls28 (3.6.15-4ubuntu2.1) groovy; urgency=medium * testpkcs11: use datefudge to allow testing with expired certificates. (LP: #1910255) -- Brian Murray <email address hidden> Fri, 26 Feb 2021 16:23:02 -0800
Available diffs
gnutls28 (3.7.0-5ubuntu1) hirsute; urgency=low * Merge from Debian unstable LP: #1893924. Remaining changes: - Enable CET. - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar).
Available diffs
Superseded in hirsute-release |
Obsolete in groovy-release |
Deleted in groovy-proposed (Reason: moved to Release) |
gnutls28 (3.6.15-4ubuntu2) groovy; urgency=low * Merge from Debian unstable LP: #1893924. Remaining changes: - Enable CET. - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar). * Add patch to fix ftbfs gnulib with new glibc.
Available diffs
Superseded in groovy-proposed |
gnutls28 (3.6.15-4ubuntu1) groovy; urgency=low * Merge from Debian unstable LP: #1893924. Remaining changes: - Enable CET. - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar).
Available diffs
gnutls28 (3.6.13-4ubuntu5) groovy; urgency=medium * SECURITY UPDATE: null pointer deref via no_renegotiation alert - debian/patches/CVE-2020-24659.patch: reject no_renegotiation alert if handshake is incomplete in lib/gnutls_int.h, lib/handshake.c. - CVE-2020-24659 -- Marc Deslauriers <email address hidden> Tue, 08 Sep 2020 10:09:39 -0400
Available diffs
gnutls28 (3.6.13-2ubuntu1.3) focal-security; urgency=medium * SECURITY UPDATE: null pointer deref via no_renegotiation alert - debian/patches/CVE-2020-24659.patch: reject no_renegotiation alert if handshake is incomplete in lib/gnutls_int.h, lib/handshake.c. - CVE-2020-24659 -- Marc Deslauriers <email address hidden> Tue, 08 Sep 2020 10:07:34 -0400
Available diffs
gnutls28 (3.6.13-4ubuntu4) groovy; urgency=medium * No change rebuild against new libnettle8 and libhogweed6 ABI. -- Dimitri John Ledkov <email address hidden> Mon, 29 Jun 2020 22:24:52 +0100
Available diffs
- diff from 3.6.13-4ubuntu2 to 3.6.13-4ubuntu4 (2.3 KiB)
- diff from 3.6.13-4ubuntu3 to 3.6.13-4ubuntu4 (332 bytes)
Superseded in groovy-proposed |
gnutls28 (3.6.13-4ubuntu3) groovy; urgency=medium * Enable CET. -- Dimitri John Ledkov <email address hidden> Sun, 28 Jun 2020 23:48:44 +0100
Available diffs
gnutls28 (3.6.13-2ubuntu1.2) focal; urgency=medium * d/p/50_Update-session_ticket.c-to-add-support-for-zero-leng.patch Handle zero length session tickets, fixing connection errors on TLS1.2 sessions to some big hosting providers. (LP: #1876286) -- Sebastien Bacher <email address hidden> Mon, 15 Jun 2020 17:10:12 +0200
Available diffs
gnutls28 (3.4.10-4ubuntu1.8) xenial; urgency=medium * d/p/50_Update-session_ticket.c-to-add-support-for-zero-leng.patch: - add support for zero length session tickets returned from the server, thanks Rod for the backport and testing! (lp: #1876286) -- Sebastien Bacher <email address hidden> Wed, 17 Jun 2020 23:06:13 +0200
Available diffs
gnutls28 (3.5.18-1ubuntu1.4) bionic; urgency=medium * d/p/50_Update-session_ticket.c-to-add-support-for-zero-leng.patch: - add support for zero length session tickets returned from the server, thanks Rod for the backport and testing! (lp: #1876286) -- Sebastien Bacher <email address hidden> Wed, 17 Jun 2020 12:03:27 +0200
Available diffs
gnutls28 (3.6.13-4ubuntu2) groovy; urgency=medium * SECURITY UPDATE: flaw in TLS session ticket key construction - debian/patches/CVE-2020-13777.patch: differentiate initial state from valid time window of TOTP in lib/stek.c, tests/resume-with-previous-stek.c, tests/tls13/prf-early.c. - CVE-2020-13777 -- Marc Deslauriers <email address hidden> Fri, 05 Jun 2020 13:12:39 -0400
Available diffs
- diff from 3.6.13-2ubuntu1 to 3.6.13-4ubuntu2 (10.9 KiB)
- diff from 3.6.13-4ubuntu1 to 3.6.13-4ubuntu2 (2.2 KiB)
Superseded in groovy-proposed |
gnutls28 (3.6.13-4ubuntu1) groovy; urgency=medium * Resynchronize with Debian; remaining changes: Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar).
Available diffs
gnutls28 (3.6.13-2ubuntu1.1) focal-security; urgency=medium * SECURITY UPDATE: flaw in TLS session ticket key construction - debian/patches/CVE-2020-13777.patch: differentiate initial state from valid time window of TOTP in lib/stek.c, tests/resume-with-previous-stek.c, tests/tls13/prf-early.c. - CVE-2020-13777 -- Marc Deslauriers <email address hidden> Fri, 05 Jun 2020 07:18:21 -0400
Available diffs
gnutls28 (3.6.9-5ubuntu1.2) eoan-security; urgency=medium * SECURITY UPDATE: flaw in TLS session ticket key construction - debian/patches/CVE-2020-13777.patch: differentiate initial state from valid time window of TOTP in lib/stek.c, tests/resume-with-previous-stek.c, tests/tls13/prf-early.c. - CVE-2020-13777 -- Marc Deslauriers <email address hidden> Fri, 05 Jun 2020 07:19:51 -0400
Available diffs
gnutls28 (3.6.9-5ubuntu1.1) eoan-security; urgency=medium * SECURITY UPDATE: incorrect randomness in DTLS negotiation - debian/patches/CVE-2020-11501.patch: fix zeroed random in lib/handshake.c. - CVE-2020-11501 -- Marc Deslauriers <email address hidden> Mon, 06 Apr 2020 08:05:51 -0400
Available diffs
Superseded in groovy-release |
Published in focal-release |
Deleted in focal-proposed (Reason: moved to Release) |
gnutls28 (3.6.13-2ubuntu1) focal; urgency=medium * Merge with Debian; remaining changes: - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar).
Available diffs
Superseded in focal-proposed |
gnutls28 (3.6.11.1-2ubuntu3) focal; urgency=medium * No-change rebuild for libgcc-s1 package name change. -- Matthias Klose <email address hidden> Sat, 21 Mar 2020 13:27:21 +0100
Available diffs
- diff from 3.6.11.1-2ubuntu2 to 3.6.11.1-2ubuntu3 (348 bytes)
gnutls28 (3.4.10-4ubuntu1.7) xenial-security; urgency=medium * SECURITY UPDATE: Allow re-enabling SHA1 for certificate signing with a priority string (LP: #1860656) - debian/patches/allow_broken_priority_string.patch: introduce the %VERIFY_ALLOW_BROKEN priority string option. - debian/patches/allow_sha1_priority_string.patch: introduce the %VERIFY_ALLOW_SIGN_WITH_SHA1 priority string option. -- Marc Deslauriers <email address hidden> Thu, 23 Jan 2020 08:47:43 -0500
Available diffs
gnutls28 (3.5.18-1ubuntu1.3) bionic-security; urgency=medium * SECURITY UPDATE: Allow re-enabling SHA1 for certificate signing with a priority string (LP: #1860656) - debian/patches/allow_broken_priority_string.patch: introduce the %VERIFY_ALLOW_BROKEN priority string option. - debian/patches/allow_sha1_priority_string.patch: introduce the %VERIFY_ALLOW_SIGN_WITH_SHA1 priority string option. -- Marc Deslauriers <email address hidden> Thu, 23 Jan 2020 08:39:38 -0500
Available diffs
gnutls28 (3.6.11.1-2ubuntu2) focal; urgency=medium * Refresh 1158.patch to the one that got merged upstream. * Import 1168.patch merge request that makes openssl-compat test suite pass against openssl compiled with SECLEVEL=2.
Available diffs
Superseded in focal-proposed |
gnutls28 (3.6.11.1-2ubuntu1) focal; urgency=medium * Import upstream pullrequest patch to allow overriding default priority string. * Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar). -- Dimitri John Ledkov <email address hidden> Fri, 10 Jan 2020 00:48:29 +0000
Available diffs
gnutls28 (3.4.10-4ubuntu1.6) xenial-security; urgency=medium * SECURITY UPDATE: Mark SHA1 as insecure for certificate signing - debian/patches/insecuresha1-*.patch: backport upstream patches to allow marking SHA1 as insecure, but only for certificate signing. - debian/libgnutls30.symbols: added new symbol. -- Marc Deslauriers <email address hidden> Wed, 08 Jan 2020 12:52:12 -0500
Available diffs
gnutls28 (3.5.18-1ubuntu1.2) bionic-security; urgency=medium * SECURITY UPDATE: Mark SHA1 as insecure for certificate signing - debian/patches/insecuresha1-*.patch: backport upstream patches to allow marking SHA1 as insecure, but only for certificate signing. - debian/libgnutls30.symbols: added new symbol. -- Marc Deslauriers <email address hidden> Wed, 08 Jan 2020 10:39:00 -0500
Available diffs
1 → 75 of 166 results | First • Previous • Next • Last |