Change log for gnutls28 package in Ubuntu

Published in oracular-proposed
Superseded in oracular-proposed
Published in noble-updates
Published in noble-security
gnutls28 (3.8.3-1.1ubuntu3.1) noble-security; urgency=medium

  * SECURITY UPDATE: side-channel leak via Minerva attack
    - debian/patches/CVE-2024-28834.patch: avoid normalization of mpz_t in
      deterministic ECDSA in lib/nettle/int/dsa-compute-k.c,
      lib/nettle/int/dsa-compute-k.h, lib/nettle/int/ecdsa-compute-k.c,
      lib/nettle/int/ecdsa-compute-k.h, lib/nettle/pk.c,
      tests/sign-verify-deterministic.c.
    - CVE-2024-28834
  * SECURITY UPDATE: crash via specially-crafted cert bundle
    - debian/patches/CVE-2024-28835.patch: remove length limit of input in
      lib/gnutls_int.h, lib/x509/common.c, lib/x509/verify-high.c,
      tests/test-chains.h.
    - CVE-2024-28835

 -- Marc Deslauriers <email address hidden>  Thu, 18 Apr 2024 09:54:34 -0400
Published in jammy-updates
Published in jammy-security
gnutls28 (3.7.3-4ubuntu1.5) jammy-security; urgency=medium

  * SECURITY UPDATE: side-channel leak via Minerva attack
    - debian/patches/CVE-2024-28834.patch: avoid normalization of mpz_t in
      deterministic ECDSA in lib/nettle/int/dsa-compute-k.c,
      lib/nettle/int/dsa-compute-k.h, lib/nettle/int/ecdsa-compute-k.c,
      lib/nettle/int/ecdsa-compute-k.h, lib/nettle/pk.c,
      tests/sign-verify-deterministic.c.
    - CVE-2024-28834
  * SECURITY UPDATE: crash via specially-crafted cert bundle
    - debian/patches/CVE-2024-28835.patch: remove length limit of input in
      lib/gnutls_int.h, lib/x509/common.c, lib/x509/verify-high.c,
      tests/test-chains.h.
    - CVE-2024-28835

 -- Marc Deslauriers <email address hidden>  Fri, 12 Apr 2024 09:51:00 -0400
Published in focal-updates
Published in focal-security
gnutls28 (3.6.13-2ubuntu1.11) focal-security; urgency=medium

  * SECURITY UPDATE: side-channel leak via Minerva attack
    - debian/patches/CVE-2024-28834.patch: avoid normalization of mpz_t in
      deterministic ECDSA in lib/nettle/int/dsa-compute-k.c,
      lib/nettle/int/dsa-compute-k.h, lib/nettle/int/ecdsa-compute-k.c,
      lib/nettle/int/ecdsa-compute-k.h, lib/nettle/pk.c,
      tests/sign-verify-deterministic.c.
    - CVE-2024-28834

 -- Marc Deslauriers <email address hidden>  Fri, 12 Apr 2024 09:56:37 -0400
Published in mantic-updates
Published in mantic-security
gnutls28 (3.8.1-4ubuntu1.3) mantic-security; urgency=medium

  * SECURITY UPDATE: side-channel leak via Minerva attack
    - debian/patches/CVE-2024-28834.patch: avoid normalization of mpz_t in
      deterministic ECDSA in lib/nettle/int/dsa-compute-k.c,
      lib/nettle/int/dsa-compute-k.h, lib/nettle/int/ecdsa-compute-k.c,
      lib/nettle/int/ecdsa-compute-k.h, lib/nettle/pk.c,
      tests/sign-verify-deterministic.c.
    - CVE-2024-28834
  * SECURITY UPDATE: crash via specially-crafted cert bundle
    - debian/patches/CVE-2024-28835.patch: remove length limit of input in
      lib/gnutls_int.h, lib/x509/common.c, lib/x509/verify-high.c,
      tests/test-chains.h.
    - CVE-2024-28835

 -- Marc Deslauriers <email address hidden>  Fri, 12 Apr 2024 09:12:36 -0400
Published in oracular-release
Published in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
gnutls28 (3.8.3-1.1ubuntu3) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- Steve Langasek <email address hidden>  Sun, 31 Mar 2024 06:17:25 +0000
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
gnutls28 (3.8.3-1.1ubuntu2) noble; urgency=medium

  * No-change rebuild against libhogweed6t64.

 -- Matthias Klose <email address hidden>  Tue, 05 Mar 2024 16:42:37 +0100
Superseded in noble-proposed
gnutls28 (3.8.3-1.1ubuntu1) noble; urgency=medium

  * Merge with Debian; remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
      TLS1.3 with medium security profile (2048 RSA keys minimum, and
      similar).
    - Forcefully disable TLS 1.0 and 1.1 through /etc/gnutls/config.
    - Forcefully disable DTLS 0.9 and 1.0 through /etc/gnutls/config.
    - Fix logic for i386 autopkgtest on an amd64 host
    - Don't run the testsuite under the influence of a configuration file.

Superseded in noble-proposed
gnutls28 (3.8.3-1ubuntu2) noble; urgency=medium

  * No-change rebuild against libhogweed6t64

 -- Steve Langasek <email address hidden>  Sun, 03 Mar 2024 06:23:24 +0000

Deleted in noble-updates (Reason: superseded by release)
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
gnutls28 (3.8.3-1ubuntu1) noble; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
      TLS1.3 with medium security profile (2048 RSA keys minimum, and
      similar).
    - Forcefully disable TLS 1.0 and 1.1 through /etc/gnutls/config.
    - Forcefully disable DTLS 0.9 and 1.0 through /etc/gnutls/config.
    - Fix logic for i386 autopkgtest on an amd64 host
    - Don't run the testsuite under the influence of a configuration file.
  * debian/patches/CVE-2023-5981.patch: dropped, included in new version.

Superseded in focal-updates
Superseded in focal-security
gnutls28 (3.6.13-2ubuntu1.10) focal-security; urgency=medium

  * SECURITY UPDATE: timing side-channel attack in the RSA-PSK key exchange
    - debian/patches/CVE-2024-0553.patch: minimize branching after
      decryption in lib/auth/rsa_psk.c.
    - CVE-2024-0553

 -- Marc Deslauriers <email address hidden>  Thu, 18 Jan 2024 12:25:14 -0500
Superseded in jammy-updates
Superseded in jammy-security
gnutls28 (3.7.3-4ubuntu1.4) jammy-security; urgency=medium

  * SECURITY UPDATE: timing side-channel attack in the RSA-PSK key exchange
    - debian/patches/CVE-2024-0553.patch: minimize branching after
      decryption in lib/auth/rsa_psk.c.
    - CVE-2024-0553
  * SECURITY UPDATE: DoS via certificate chain with distributed trust
    - debian/patches/CVE-2024-0567.patch: detect loop in certificate chain
      in lib/x509/common.c, tests/test-chains.h.
    - CVE-2024-0567

 -- Marc Deslauriers <email address hidden>  Thu, 18 Jan 2024 12:22:01 -0500
Published in lunar-updates
Published in lunar-security
gnutls28 (3.7.8-5ubuntu1.2) lunar-security; urgency=medium

  * SECURITY UPDATE: timing side-channel attack in the RSA-PSK key exchange
    - debian/patches/CVE-2024-0553.patch: minimize branching after
      decryption in lib/auth/rsa_psk.c.
    - CVE-2024-0553
  * SECURITY UPDATE: DoS via certificate chain with distributed trust
    - debian/patches/CVE-2024-0567.patch: detect loop in certificate chain
      in lib/x509/common.c, tests/test-chains.h.
    - CVE-2024-0567

 -- Marc Deslauriers <email address hidden>  Thu, 18 Jan 2024 11:20:36 -0500
Superseded in mantic-updates
Superseded in mantic-security
gnutls28 (3.8.1-4ubuntu1.2) mantic-security; urgency=medium

  * SECURITY UPDATE: timing side-channel attack in the RSA-PSK key exchange
    - debian/patches/CVE-2024-0553.patch: minimize branching after
      decryption in lib/auth/rsa_psk.c.
    - CVE-2024-0553
  * SECURITY UPDATE: DoS via certificate chain with distributed trust
    - debian/patches/CVE-2024-0567.patch: detect loop in certificate chain
      in lib/x509/common.c, tests/test-chains.h.
    - CVE-2024-0567

 -- Marc Deslauriers <email address hidden>  Thu, 18 Jan 2024 11:12:38 -0500
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
gnutls28 (3.8.1-4ubuntu7) noble; urgency=medium

  * Forcefully disable DTLS 0.9 and 1.0 through /etc/gnutls/config.
    See lp-merge #458092 for context.

 -- Adrien Nader <email address hidden>  Wed, 03 Jan 2024 15:06:38 +0100

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
gnutls28 (3.8.1-4ubuntu6) noble; urgency=medium

  * SECURITY UPDATE: timing side-channel inside RSA-PSK key exchange
    - debian/patches/CVE-2023-5981.patch: side-step potential side-channel
      in lib/auth/rsa.c, lib/auth/rsa_psk.c, lib/gnutls_int.h,
      lib/priority.c.
    - CVE-2023-5981

 -- Marc Deslauriers <email address hidden>  Thu, 23 Nov 2023 14:04:17 -0500
Superseded in noble-proposed
gnutls28 (3.8.1-4ubuntu5) noble; urgency=medium

  * armhf (-fstack-clash-protection) breakage rebuild

 -- Mate Kukri <email address hidden>  Thu, 23 Nov 2023 15:13:53 +0000

Superseded in focal-updates
Superseded in focal-security
gnutls28 (3.6.13-2ubuntu1.9) focal-security; urgency=medium

  * SECURITY UPDATE: timing side-channel inside RSA-PSK key exchange
    - debian/patches/CVE-2023-5981.patch: side-step potential side-channel
      in lib/auth/rsa.c, lib/auth/rsa_psk.c, lib/gnutls_int.h,
      lib/priority.c.
    - CVE-2023-5981

 -- Marc Deslauriers <email address hidden>  Fri, 17 Nov 2023 09:20:22 -0500
Superseded in noble-proposed
gnutls28 (3.8.1-4ubuntu4) noble; urgency=medium

  * Don't run the testsuite under the influence of a configuration file.

 -- Adrien Nader <email address hidden>  Fri, 17 Nov 2023 11:08:39 +0100

Superseded in jammy-updates
Superseded in jammy-security
gnutls28 (3.7.3-4ubuntu1.3) jammy-security; urgency=medium

  * SECURITY UPDATE: timing side-channel inside RSA-PSK key exchange
    - debian/patches/CVE-2023-5981.patch: side-step potential side-channel
      in lib/auth/rsa.c, lib/auth/rsa_psk.c, lib/gnutls_int.h,
      lib/priority.c.
    - CVE-2023-5981

 -- Marc Deslauriers <email address hidden>  Fri, 17 Nov 2023 09:19:42 -0500
Superseded in lunar-updates
Superseded in lunar-security
gnutls28 (3.7.8-5ubuntu1.1) lunar-security; urgency=medium

  * SECURITY UPDATE: timing side-channel inside RSA-PSK key exchange
    - debian/patches/CVE-2023-5981.patch: side-step potential side-channel
      in lib/auth/rsa.c, lib/auth/rsa_psk.c, lib/gnutls_int.h,
      lib/priority.c.
    - CVE-2023-5981

 -- Marc Deslauriers <email address hidden>  Fri, 17 Nov 2023 09:18:54 -0500
Superseded in mantic-updates
Superseded in mantic-security
gnutls28 (3.8.1-4ubuntu1.1) mantic-security; urgency=medium

  * SECURITY UPDATE: timing side-channel inside RSA-PSK key exchange
    - debian/patches/CVE-2023-5981.patch: side-step potential side-channel
      in lib/auth/rsa.c, lib/auth/rsa_psk.c, lib/gnutls_int.h,
      lib/priority.c.
    - CVE-2023-5981

 -- Marc Deslauriers <email address hidden>  Fri, 17 Nov 2023 09:08:46 -0500
Superseded in noble-proposed
gnutls28 (3.8.1-4ubuntu3) noble; urgency=medium

  * Forcefully disable TLS 1.0 and 1.1 through /etc/gnutls/config.

 -- Adrien Nader <email address hidden>  Fri, 27 Oct 2023 17:41:58 -0400

Superseded in noble-proposed
gnutls28 (3.8.1-4ubuntu2) noble; urgency=medium

  * Rebuild against latest libunistring

 -- Jeremy Bícha <email address hidden>  Fri, 27 Oct 2023 06:48:46 -0400

Superseded in noble-release
Published in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
gnutls28 (3.8.1-4ubuntu1) mantic; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
      TLS1.3 with medium security profile (2048 RSA keys minimum, and
      similar).
  * Fix logic for i386 autopkgtest on an amd64 host

Superseded in mantic-proposed
gnutls28 (3.8.1-3ubuntu1) mantic; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
      TLS1.3 with medium security profile (2048 RSA keys minimum, and
      similar).

Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
gnutls28 (3.7.9-2ubuntu1) mantic; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
      TLS1.3 with medium security profile (2048 RSA keys minimum, and
      similar).

Superseded in mantic-release
Published in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
gnutls28 (3.7.8-5ubuntu1) lunar; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
      TLS1.3 with medium security profile (2048 RSA keys minimum, and
      similar).

Superseded in jammy-updates
Superseded in jammy-security
gnutls28 (3.7.3-4ubuntu1.2) jammy-security; urgency=medium

  * SECURITY UPDATE: timing sidechannel in RSA decryption
    - debian/patches/CVE-2023-0361-1.patch: side-step potential
      side-channel in lib/auth/rsa.c.
    - debian/patches/CVE-2023-0361-2.patch: remove dead code in
      lib/auth/rsa.c.
    - CVE-2023-0361

 -- Marc Deslauriers <email address hidden>  Tue, 14 Feb 2023 16:13:17 -0500
Superseded in focal-updates
Superseded in focal-security
gnutls28 (3.6.13-2ubuntu1.8) focal-security; urgency=medium

  * SECURITY UPDATE: timing sidechannel in RSA decryption
    - debian/patches/CVE-2023-0361-1.patch: side-step potential
      side-channel in lib/auth/rsa.c.
    - debian/patches/CVE-2023-0361-2.patch: remove dead code in
      lib/auth/rsa.c.
    - CVE-2023-0361

 -- Marc Deslauriers <email address hidden>  Tue, 14 Feb 2023 16:13:51 -0500
Obsolete in kinetic-updates
Obsolete in kinetic-security
gnutls28 (3.7.7-2ubuntu2.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: timing sidechannel in RSA decryption
    - debian/patches/CVE-2023-0361-1.patch: side-step potential
      side-channel in lib/auth/rsa.c.
    - debian/patches/CVE-2023-0361-2.patch: remove dead code in
      lib/auth/rsa.c.
    - CVE-2023-0361

 -- Marc Deslauriers <email address hidden>  Tue, 14 Feb 2023 16:10:15 -0500
Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
gnutls28 (3.7.8-4ubuntu1) lunar; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
    TLS1.3 with medium security profile (2048 RSA keys minimum, and
    similar).
  * Dropped changes:
    - Reduce parallelism in build to 2 to address FTBFS with lto

 -- Adrien Nader <email address hidden>  Thu, 19 Jan 2023 14:47:39 +0100

Superseded in lunar-release
Obsolete in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
gnutls28 (3.7.7-2ubuntu2) kinetic; urgency=medium

  * Fix Segmentation Fault due to misdetected Intel AVX support
    (LP: #1988398)

 -- Gregor Jasny <email address hidden>  Thu, 01 Sep 2022 07:42:53 +0100

Superseded in jammy-updates
Superseded in jammy-security
gnutls28 (3.7.3-4ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Double free in verification of pkcs7 signatures
    - debian/patches/CVE-2022-2509.patch: fix double free during
      gnutls_pkcs7_verify in lib/x509/pkcs7.c,
      tests/pkcs7-verify-double-free.c, tests/Makefile.am.
    - CVE-2022-2509

 -- Marc Deslauriers <email address hidden>  Tue, 02 Aug 2022 08:48:56 -0400
Published in bionic-updates
Published in bionic-security
gnutls28 (3.5.18-1ubuntu1.6) bionic-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference in MD_UPDATE
    - debian/patches/CVE-2021-4209.patch: avoid calling _update with
      zero-length input in lib/nettle/mac.c.
    - CVE-2021-4209
  * SECURITY UPDATE: Double free in verification of pkcs7 signatures
    - debian/patches/CVE-2022-2509.patch: fix double free during
      gnutls_pkcs7_verify in lib/x509/pkcs7.c,
      tests/pkcs7-verify-double-free.c, tests/Makefile.am.
    - CVE-2022-2509

 -- Marc Deslauriers <email address hidden>  Tue, 02 Aug 2022 08:58:39 -0400
Superseded in focal-updates
Superseded in focal-security
gnutls28 (3.6.13-2ubuntu1.7) focal-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference in MD_UPDATE
    - debian/patches/CVE-2021-4209.patch: avoid calling _update with
      zero-length input in lib/nettle/mac.c.
    - CVE-2021-4209
  * SECURITY UPDATE: Double free in verification of pkcs7 signatures
    - debian/patches/CVE-2022-2509.patch: fix double free during
      gnutls_pkcs7_verify in lib/x509/pkcs7.c,
      tests/pkcs7-verify-double-free.c, tests/Makefile.am.
    - CVE-2022-2509

 -- Marc Deslauriers <email address hidden>  Tue, 02 Aug 2022 08:50:52 -0400
Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
gnutls28 (3.7.7-2ubuntu1) kinetic; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
    TLS1.3 with medium security profile (2048 RSA keys minimum, and
    similar).
    - Reduce parallelism in build to 2 to address FTBFS with lto

Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
gnutls28 (3.7.6-2ubuntu1) kinetic; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
    TLS1.3 with medium security profile (2048 RSA keys minimum, and
    similar).
    - Reduce parallelism in build to 2 to address FTBFS with lto

Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
gnutls28 (3.7.4-2ubuntu1) kinetic; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
    TLS1.3 with medium security profile (2048 RSA keys minimum, and
    similar).
    - Reduce parallelism in build to 2 to address FTBFS with lto

Superseded in kinetic-proposed
gnutls28 (3.7.4-2) unstable; urgency=low

  * 40_srptest_doubletimeout.diff: Increase timeout for tests/srp to fix
    occasional error on slow buildds (mipsel, hppa).
  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Thu, 14 Apr 2022 08:54:25 +0200
Superseded in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
gnutls28 (3.7.3-4ubuntu1) jammy; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
    TLS1.3 with medium security profile (2048 RSA keys minimum, and
    similar).
    - Reduce parallelism in build to 2 to address FTBFS with lto

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
gnutls28 (3.7.2-5ubuntu1) jammy; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
    TLS1.3 with medium security profile (2048 RSA keys minimum, and
    similar).
    - Reduce parallelism in build to 2 to address FTBFS with lto

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
gnutls28 (3.7.2-4ubuntu1) jammy; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
    TLS1.3 with medium security profile (2048 RSA keys minimum, and
    similar).
    - Reduce parallelism in build to 2 to address FTBFS with lto

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
gnutls28 (3.7.2-2ubuntu1) jammy; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
    TLS1.3 with medium security profile (2048 RSA keys minimum, and
    similar).
    - Reduce parallelism in build to 2 to address FTBFS with lto

Published in xenial-updates
Deleted in xenial-proposed (Reason: moved to -updates)
gnutls28 (3.4.10-4ubuntu1.9) xenial; urgency=medium

  * Backport patches from Upstream/Debian to check validity against system
    certs. This is to allow correctly validating default letsencrypt
    chains that now also include a redundant expired certificate. LP:
    #1928648

 -- Dimitri John Ledkov <email address hidden>  Fri, 27 Aug 2021 14:19:17 +0100
Superseded in bionic-updates
Deleted in bionic-proposed (Reason: moved to -updates)
gnutls28 (3.5.18-1ubuntu1.5) bionic; urgency=medium

  * Backport patches from Upstream/Debian to check validity against system
    certs. This is to allow correctly validating default letsencrypt
    chains that now also include a redundant expired certificate. LP:
    #1928648

 -- Dimitri John Ledkov <email address hidden>  Wed, 25 Aug 2021 19:11:11 +0100
Superseded in jammy-release
Obsolete in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
gnutls28 (3.7.1-5ubuntu1) impish; urgency=low

  * Merge from Debian unstable (LP: #1939739). Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
    TLS1.3 with medium security profile (2048 RSA keys minimum, and
    similar).
    - Reduce parallelism in build to 2 to address FTBFS with lto
  * Add LP bug number to previous merge entry in changelog

Superseded in focal-updates
Superseded in focal-security
gnutls28 (3.6.13-2ubuntu1.6) focal-security; urgency=medium

  * SECURITY UPDATE: use after free issue in key_share extension
    - debian/patches/CVE-2021-20231.patch: avoid use-after-free around
      realloc in lib/ext/key_share.c.
    - CVE-2021-20231
  * SECURITY UPDATE: use after free issue in client_send_params
    - debian/patches/CVE-2021-20232.patch: avoid use-after-free around
      realloc in lib/ext/pre_shared_key.c.
    - CVE-2021-20232

 -- Marc Deslauriers <email address hidden>  Mon, 02 Aug 2021 09:56:04 -0400

Superseded in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
gnutls28 (3.7.1-4ubuntu1) impish; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
    TLS1.3 with medium security profile (2048 RSA keys minimum, and
    similar).
  * Fix FTBFS with lto - reduce parallelism to 2. LP: #1922004

Superseded in impish-release
Obsolete in hirsute-release
Deleted in hirsute-proposed (Reason: Moved to hirsute)
gnutls28 (3.7.1-3ubuntu1) hirsute; urgency=medium

  * Merge from Debian unstable.  Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
    TLS1.3 with medium security profile (2048 RSA keys minimum, and
    similar).
  * Fix FTBFS with lto - reduce parallelism to 2. LP: #1922004
  * Merge CVE fixes CVE-2021-20231 CVE-2021-20232

Deleted in focal-proposed (Reason: moved to -updates)
gnutls28 (3.6.13-2ubuntu1.5) focal; urgency=medium

  * testpkcs11: use datefudge to allow testing with expired certificates.
    (LP: #1910255)
  * debian/patches/update-status-request-revoked.patch: update the
    status-request-revoked.c test so that it passes and the package builds.

 -- Brian Murray <email address hidden>  Mon, 01 Mar 2021 12:27:48 -0800
Superseded in focal-proposed
gnutls28 (3.6.13-2ubuntu1.4) focal; urgency=medium

  * testpkcs11: use datefudge to allow testing with expired certificates.
    (LP: #1910255)

 -- Brian Murray <email address hidden>  Mon, 01 Mar 2021 12:27:48 -0800
Deleted in groovy-proposed (Reason: The package was removed due to its SRU bug(s) not being v...)
gnutls28 (3.6.15-4ubuntu2.1) groovy; urgency=medium

  * testpkcs11: use datefudge to allow testing with expired certificates.
    (LP: #1910255)

 -- Brian Murray <email address hidden>  Fri, 26 Feb 2021 16:23:02 -0800
Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
gnutls28 (3.7.0-5ubuntu1) hirsute; urgency=low

  * Merge from Debian unstable LP: #1893924.  Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
    TLS1.3 with medium security profile (2048 RSA keys minimum, and
    similar).

Superseded in hirsute-release
Obsolete in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
gnutls28 (3.6.15-4ubuntu2) groovy; urgency=low

  * Merge from Debian unstable LP: #1893924.  Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
    TLS1.3 with medium security profile (2048 RSA keys minimum, and
    similar).
  * Add patch to fix ftbfs gnulib with new glibc.

Superseded in groovy-proposed
gnutls28 (3.6.15-4ubuntu1) groovy; urgency=low

  * Merge from Debian unstable LP: #1893924.  Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
    TLS1.3 with medium security profile (2048 RSA keys minimum, and
    similar).

Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
gnutls28 (3.6.13-4ubuntu5) groovy; urgency=medium

  * SECURITY UPDATE: null pointer deref via no_renegotiation alert
    - debian/patches/CVE-2020-24659.patch: reject no_renegotiation alert if
      handshake is incomplete in lib/gnutls_int.h, lib/handshake.c.
    - CVE-2020-24659

 -- Marc Deslauriers <email address hidden>  Tue, 08 Sep 2020 10:09:39 -0400
Superseded in focal-updates
Superseded in focal-security
gnutls28 (3.6.13-2ubuntu1.3) focal-security; urgency=medium

  * SECURITY UPDATE: null pointer deref via no_renegotiation alert
    - debian/patches/CVE-2020-24659.patch: reject no_renegotiation alert if
      handshake is incomplete in lib/gnutls_int.h, lib/handshake.c.
    - CVE-2020-24659

 -- Marc Deslauriers <email address hidden>  Tue, 08 Sep 2020 10:07:34 -0400
Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
gnutls28 (3.6.13-4ubuntu4) groovy; urgency=medium

  * No change rebuild against new libnettle8 and libhogweed6 ABI.

 -- Dimitri John Ledkov <email address hidden>  Mon, 29 Jun 2020 22:24:52 +0100
Superseded in groovy-proposed
gnutls28 (3.6.13-4ubuntu3) groovy; urgency=medium

  * Enable CET.

 -- Dimitri John Ledkov <email address hidden>  Sun, 28 Jun 2020 23:48:44 +0100
Superseded in focal-updates
Deleted in focal-proposed (Reason: moved to -updates)
gnutls28 (3.6.13-2ubuntu1.2) focal; urgency=medium

  * d/p/50_Update-session_ticket.c-to-add-support-for-zero-leng.patch
    Handle zero length session tickets, fixing connection errors on
    TLS1.2 sessions to some big hosting providers. (LP: #1876286)

 -- Sebastien Bacher <email address hidden>  Mon, 15 Jun 2020 17:10:12 +0200
Superseded in xenial-updates
Deleted in xenial-proposed (Reason: moved to -updates)
gnutls28 (3.4.10-4ubuntu1.8) xenial; urgency=medium

  * d/p/50_Update-session_ticket.c-to-add-support-for-zero-leng.patch:
    - add support for zero length session tickets returned from the server,
      thanks Rod for the backport and testing! (lp: #1876286)

 -- Sebastien Bacher <email address hidden>  Wed, 17 Jun 2020 23:06:13 +0200
Superseded in bionic-updates
Deleted in bionic-proposed (Reason: moved to -updates)
gnutls28 (3.5.18-1ubuntu1.4) bionic; urgency=medium

  * d/p/50_Update-session_ticket.c-to-add-support-for-zero-leng.patch:
    - add support for zero length session tickets returned from the server,
      thanks Rod for the backport and testing! (lp: #1876286)

 -- Sebastien Bacher <email address hidden>  Wed, 17 Jun 2020 12:03:27 +0200
Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
gnutls28 (3.6.13-4ubuntu2) groovy; urgency=medium

  * SECURITY UPDATE: flaw in TLS session ticket key construction
    - debian/patches/CVE-2020-13777.patch: differentiate initial state from
      valid time window of TOTP in lib/stek.c,
      tests/resume-with-previous-stek.c, tests/tls13/prf-early.c.
    - CVE-2020-13777

 -- Marc Deslauriers <email address hidden>  Fri, 05 Jun 2020 13:12:39 -0400
Superseded in groovy-proposed
gnutls28 (3.6.13-4ubuntu1) groovy; urgency=medium

  * Resynchronize with Debian; remaining changes:
    Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3
    with medium security profile (2048 RSA keys minimum, and similar).

Superseded in focal-updates
Superseded in focal-security
gnutls28 (3.6.13-2ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: flaw in TLS session ticket key construction
    - debian/patches/CVE-2020-13777.patch: differentiate initial state from
      valid time window of TOTP in lib/stek.c,
      tests/resume-with-previous-stek.c, tests/tls13/prf-early.c.
    - CVE-2020-13777

 -- Marc Deslauriers <email address hidden>  Fri, 05 Jun 2020 07:18:21 -0400
Obsolete in eoan-updates
Obsolete in eoan-security
gnutls28 (3.6.9-5ubuntu1.2) eoan-security; urgency=medium

  * SECURITY UPDATE: flaw in TLS session ticket key construction
    - debian/patches/CVE-2020-13777.patch: differentiate initial state from
      valid time window of TOTP in lib/stek.c,
      tests/resume-with-previous-stek.c, tests/tls13/prf-early.c.
    - CVE-2020-13777

 -- Marc Deslauriers <email address hidden>  Fri, 05 Jun 2020 07:19:51 -0400
Superseded in eoan-updates
Superseded in eoan-security
gnutls28 (3.6.9-5ubuntu1.1) eoan-security; urgency=medium

  * SECURITY UPDATE: incorrect randomness in DTLS negotiation
    - debian/patches/CVE-2020-11501.patch: fix zeroed random in
      lib/handshake.c.
    - CVE-2020-11501

 -- Marc Deslauriers <email address hidden>  Mon, 06 Apr 2020 08:05:51 -0400
Superseded in groovy-release
Published in focal-release
Deleted in focal-proposed (Reason: moved to Release)
gnutls28 (3.6.13-2ubuntu1) focal; urgency=medium

  * Merge with Debian; remaining changes:
    - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3
      with medium security profile (2048 RSA keys minimum, and similar).

Superseded in focal-proposed
gnutls28 (3.6.11.1-2ubuntu3) focal; urgency=medium

  * No-change rebuild for libgcc-s1 package name change.

 -- Matthias Klose <email address hidden>  Sat, 21 Mar 2020 13:27:21 +0100
Superseded in xenial-updates
Published in xenial-security
gnutls28 (3.4.10-4ubuntu1.7) xenial-security; urgency=medium

  * SECURITY UPDATE: Allow re-enabling SHA1 for certificate signing with a
    priority string (LP: #1860656)
    - debian/patches/allow_broken_priority_string.patch: introduce the
      %VERIFY_ALLOW_BROKEN priority string option.
    - debian/patches/allow_sha1_priority_string.patch: introduce the
      %VERIFY_ALLOW_SIGN_WITH_SHA1 priority string option.

 -- Marc Deslauriers <email address hidden>  Thu, 23 Jan 2020 08:47:43 -0500
Superseded in bionic-updates
Superseded in bionic-security
gnutls28 (3.5.18-1ubuntu1.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Allow re-enabling SHA1 for certificate signing with a
    priority string (LP: #1860656)
    - debian/patches/allow_broken_priority_string.patch: introduce the
      %VERIFY_ALLOW_BROKEN priority string option.
    - debian/patches/allow_sha1_priority_string.patch: introduce the
      %VERIFY_ALLOW_SIGN_WITH_SHA1 priority string option.

 -- Marc Deslauriers <email address hidden>  Thu, 23 Jan 2020 08:39:38 -0500
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
gnutls28 (3.6.11.1-2ubuntu2) focal; urgency=medium

  * Refresh 1158.patch to the one that got merged upstream.
  * Import 1168.patch merge request that makes openssl-compat test suite
    pass against openssl compiled with SECLEVEL=2.

Superseded in focal-proposed
gnutls28 (3.6.11.1-2ubuntu1) focal; urgency=medium

  * Import upstream pullrequest patch to allow overriding default priority
    string.
  * Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3
    with medium security profile (2048 RSA keys minimum, and similar).

 -- Dimitri John Ledkov <email address hidden>  Fri, 10 Jan 2020 00:48:29 +0000
Superseded in xenial-updates
Superseded in xenial-security
gnutls28 (3.4.10-4ubuntu1.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Mark SHA1 as insecure for certificate signing
    - debian/patches/insecuresha1-*.patch: backport upstream patches to
      allow marking SHA1 as insecure, but only for certificate signing.
    - debian/libgnutls30.symbols: added new symbol.

 -- Marc Deslauriers <email address hidden>  Wed, 08 Jan 2020 12:52:12 -0500
Superseded in bionic-updates
Superseded in bionic-security
gnutls28 (3.5.18-1ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Mark SHA1 as insecure for certificate signing
    - debian/patches/insecuresha1-*.patch: backport upstream patches to
      allow marking SHA1 as insecure, but only for certificate signing.
    - debian/libgnutls30.symbols: added new symbol.

 -- Marc Deslauriers <email address hidden>  Wed, 08 Jan 2020 10:39:00 -0500