Ubuntu
gnutls28 package

Change log for gnutls28 package in Ubuntu

76150 of 167 results FirstLast
Superseded in bionic-updates
Superseded in bionic-security 
gnutls28 (3.5.18-1ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Mark SHA1 as insecure for certificate signing
    - debian/patches/insecuresha1-*.patch: backport upstream patches to
      allow marking SHA1 as insecure, but only for certificate signing.
    - debian/libgnutls30.symbols: added new symbol.

 -- Marc Deslauriers <email address hidden>  Wed, 08 Jan 2020 10:39:00 -0500
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release) 
gnutls28 (3.6.11.1-2) unstable; urgency=low

  * Use dh 12 compat level.
    + Install gtk-doc files from as-installed location instead of builddir to
      avoid dh_missing warnings.
  * List *.la files in debian/not-installed.
  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sat, 14 Dec 2019 18:07:49 +0100

Available diffs

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release) 
gnutls28 (3.6.10-5) unstable; urgency=medium

  * 50_01-guile-Do-not-attempt-to-load-shared-object-when-cros.patch
    50_02-guile-Silence-auto-compilation-warning-for-guild.patch from upstream
    GIT master: Fix crossbuild error. (Thanks, Ludovic Courtès!)
    Closes: #943905

 -- Andreas Metzler <email address hidden>  Sat, 16 Nov 2019 18:41:44 +0100
Superseded in focal-proposed 
gnutls28 (3.6.10-4) unstable; urgency=medium

  * Add support for noguile build profile. See #943905.

 -- Andreas Metzler <email address hidden>  Sat, 02 Nov 2019 06:30:43 +0100
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release) 
gnutls28 (3.6.9-5ubuntu2) focal; urgency=medium

  * No-change rebuild against libnettle7

 -- Steve Langasek <email address hidden>  Thu, 31 Oct 2019 22:11:03 +0000

Available diffs

Superseded in focal-release
Obsolete in eoan-release
Deleted in eoan-proposed (Reason: moved to Release) 
gnutls28 (3.6.9-5ubuntu1) eoan; urgency=medium

  * Build-depend on texlive-plain-generic instead of obsolete texlive-
    generic-recommended.

 -- Steve Langasek <email address hidden>  Tue, 01 Oct 2019 13:25:29 -0700
Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to Release) 
gnutls28 (3.6.9-5) unstable; urgency=medium

  * 40_gnutls_epoch_set_keys-do-not-forbid-random-padding-.patch from upstream
    GIT master: Fix interop problems with gnutls 2.x. Closes: #933538

 -- Andreas Metzler <email address hidden>  Sat, 14 Sep 2019 13:38:41 +0200
Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release) 
gnutls28 (3.6.9-4build1) eoan; urgency=medium

  * No-change upload with strops.h and sys/strops.h removed in glibc.

 -- Matthias Klose <email address hidden>  Thu, 05 Sep 2019 10:50:47 +0000
Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release) 
gnutls28 (3.6.9-4) unstable; urgency=medium

  * i386-fix-wrong-reloc.patch: Fix bad relocations on i386 due to broken
    assembly code. (Thanks, Steve Langasek for report and patch!)
    Closes: #934193

 -- Andreas Metzler <email address hidden>  Thu, 08 Aug 2019 19:40:21 +0200
Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release) 
gnutls28 (3.6.9-3ubuntu1) eoan; urgency=medium

  * debian/patches/i386-fix-wrong-reloc.patch: fix relocation problem on
    i386.

 -- Steve Langasek <email address hidden>  Wed, 07 Aug 2019 18:04:43 -0700
Superseded in eoan-proposed 
gnutls28 (3.6.9-3) unstable; urgency=medium

  * autopkgtest: Skip system-override-sig-hash.sh.

 -- Andreas Metzler <email address hidden>  Sat, 03 Aug 2019 06:48:46 +0200

Available diffs

Superseded in eoan-proposed 
gnutls28 (3.6.9-2) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Fri, 02 Aug 2019 19:12:42 +0200

Available diffs

Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release) 
gnutls28 (3.6.8-2) unstable; urgency=low

  * Use DH 11 compat again.
  * 3.6.8 builds with gcc-9. Closes: #925701
  * Fix autopkgtest on 32bit architectures. (Bug report and patch by Julian
    Andres Klode) Closes: #930541
    See also https://gitlab.com/gnutls/gnutls/merge_requests/986
  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sat, 06 Jul 2019 14:10:29 +0200
Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release) 
gnutls28 (3.6.7-4ubuntu1) eoan; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/add-openssl-test-link.patch: add link for libssl
    - set ac_cv_sizeof_time_t debian/tests/run-upstream-testsuite instead of
      letting it be assumed
  * Dropped changes, years old, never upstreamed, and presumed obsolete:
    - debian/patches/disable_global_init_override_test.patch: disable
      failing test.

Available diffs

Superseded in xenial-updates
Superseded in xenial-security 
gnutls28 (3.4.10-4ubuntu1.5) xenial-security; urgency=medium

  * SECURITY UPDATE: Lucky-13 issues
    - debian/patches/CVE-2018-1084x-1.patch: correctly account the length
      field in SHA384 HMAC in lib/algorithms/mac.c, lib/gnutls_cipher.c.
    - debian/patches/CVE-2018-1084x-2.patch: always hash the same amount of
      blocks that would have been on minimum pad in lib/gnutls_cipher.c.
    - debian/patches/CVE-2018-1084x-3.patch: require minimum padding under
      SSL3.0 in lib/gnutls_cipher.c.
    - debian/patches/CVE-2018-1084x-4.patch: hmac-sha384 and sha256
      ciphersuites were removed from defaults in lib/gnutls_priority.c,
      tests/priorities.c.
    - debian/patches/CVE-2018-1084x-5.patch: fix test for SHA512 in
      tests/pkcs12_encode.c.
    - CVE-2018-10844
    - CVE-2018-10845
    - CVE-2018-10846

 -- Marc Deslauriers <email address hidden>  Tue, 28 May 2019 13:32:56 -0400
Superseded in bionic-updates
Superseded in bionic-security 
gnutls28 (3.5.18-1ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Lucky-13 issues
    - debian/patches/CVE-2018-1084x-1.patch: correctly account the length
      field in SHA384 HMAC in lib/algorithms/mac.c, lib/cipher.c.
    - debian/patches/CVE-2018-1084x-2.patch: always hash the same amount of
      blocks that would have been on minimum pad in lib/cipher.c.
    - debian/patches/CVE-2018-1084x-3.patch: require minimum padding under
      SSL3.0 in lib/cipher.c.
    - debian/patches/CVE-2018-1084x-4.patch: hmac-sha384 and sha256
      ciphersuites were removed from defaults in lib/priority.c,
      tests/dtls1-2-mtu-check.c, tests/priorities.c.
    - debian/patches/CVE-2018-1084x-5.patch: fix test for SHA512 in
      tests/pkcs12_encode.c.
    - CVE-2018-10844
    - CVE-2018-10845
    - CVE-2018-10846
  * SECURITY UPDATE: double free in cert verification API
    - debian/patches/CVE-2019-3829-1.patch: automatically NULLify after
      gnutls_free() in lib/includes/gnutls/gnutls.h.in.
    - debian/patches/CVE-2019-3829-2.patch: fix some casts in
      lib/extensions.c.
    - debian/patches/CVE-2019-3829-3.patch: fix dereference of NULL pointer
      in lib/x509/x509.c.
    - CVE-2019-3829

 -- Marc Deslauriers <email address hidden>  Tue, 28 May 2019 13:18:12 -0400
Obsolete in cosmic-updates
Obsolete in cosmic-security 
gnutls28 (3.6.4-2ubuntu1.2) cosmic-security; urgency=medium

  * SECURITY UPDATE: double free in cert verification API
    - debian/patches/CVE-2019-3829-1.patch: automatically NULLify after
      gnutls_free() in lib/includes/gnutls/gnutls.h.in.
    - debian/patches/CVE-2019-3829-2.patch: remove redundant resets of
      variables after free().
    - debian/patches/CVE-2019-3829-3.patch: fix dereference of NULL pointer
      in lib/x509/x509.c.
    - CVE-2019-3829
  * SECURITY UPDATE: uninitialized pointer access
    - debian/patches/CVE-2019-3836.patch: add missing initialization of
      local variable in lib/handshake-tls13.c.
    - CVE-2019-3836

 -- Marc Deslauriers <email address hidden>  Tue, 28 May 2019 13:14:35 -0400
Obsolete in disco-updates
Obsolete in disco-security 
gnutls28 (3.6.5-2ubuntu1.1) disco-security; urgency=medium

  * SECURITY UPDATE: double free in cert verification API
    - debian/patches/CVE-2019-3829-1.patch: automatically NULLify after
      gnutls_free() in lib/includes/gnutls/gnutls.h.in.
    - debian/patches/CVE-2019-3829-2.patch: remove redundant resets of
      variables after free().
    - debian/patches/CVE-2019-3829-3.patch: fix dereference of NULL pointer
      in lib/x509/x509.c.
    - CVE-2019-3829
  * SECURITY UPDATE: uninitialized pointer access
    - debian/patches/CVE-2019-3836.patch: add missing initialization of
      local variable in lib/handshake-tls13.c.
    - CVE-2019-3836

 -- Marc Deslauriers <email address hidden>  Tue, 28 May 2019 13:00:08 -0400
Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release) 
gnutls28 (3.6.7-3ubuntu1) eoan; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/disable_global_init_override_test.patch: disable
      failing test.
    - debian/patches/add-openssl-test-link.patch: add link for libssl
    - set ac_cv_sizeof_time_t debian/tests/run-upstream-testsuite instead of
      letting it be assumed

Available diffs

Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release) 
gnutls28 (3.6.7-2ubuntu3) eoan; urgency=medium

  * Revert previous upload, move setting of ac_cv_sizeof_time_t to
    debian/tests/run-upstream-testsuite.

 -- Julian Andres Klode <email address hidden>  Mon, 29 Apr 2019 17:21:07 +0200
Superseded in eoan-proposed 
gnutls28 (3.6.7-2ubuntu2) eoan; urgency=medium

  * tests-cert-tests-crl-Try-to-infer-64-bit-time-using-.patch: Try to figure
    out if we have a 64-bit timestamp using date(1), rather than just assuming
    it for out-of-tree tests.

 -- Julian Andres Klode <email address hidden>  Mon, 29 Apr 2019 12:29:03 +0200

Available diffs

Superseded in eoan-proposed 
gnutls28 (3.6.7-2ubuntu1) eoan; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/disable_global_init_override_test.patch: disable
      failing test.
    - debian/patches/add-openssl-test-link.patch: add link for libssl

Available diffs

Superseded in cosmic-updates
Deleted in cosmic-proposed (Reason: moved to -updates) 
gnutls28 (3.6.4-2ubuntu1.1) cosmic; urgency=medium

  * gnutls-3.6.4-fix-rehandshake.patch: Fix rehandshake breaking glib
    stuff (LP: #1804673)

 -- Julian Andres Klode <email address hidden>  Mon, 21 Jan 2019 08:56:16 +0100
Superseded in eoan-release
Obsolete in disco-release
Deleted in disco-proposed (Reason: moved to release) 
gnutls28 (3.6.5-2ubuntu1) disco; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/disable_global_init_override_test.patch: disable
      failing test.
    - debian/patches/add-openssl-test-link.patch: add link for libssl
  * this is a new upstream release including a fix for LP: #1804673

Available diffs

Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release) 
gnutls28 (3.6.4-2ubuntu2) disco; urgency=medium

  * No-change rebuild against libunbound8

 -- Steve Langasek <email address hidden>  Sun, 11 Nov 2018 09:01:12 +0000
Superseded in disco-release
Obsolete in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release) 
gnutls28 (3.6.4-2ubuntu1) cosmic; urgency=medium

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/disable_global_init_override_test.patch: disable
      failing test.
    - debian/patches/add-openssl-test-link.patch: add link for libssl
  * 0001-Skip-tests-tls13-prf.c-if-visibility-protected-doesn.patch:
    cherrypick upstream patch to fix test-suite with symbolic-functions
  * This upstream release includes TLS 1.3 support.
Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release) 
gnutls28 (3.5.19-1ubuntu1) cosmic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/disable_global_init_override_test.patch: disable
      failing test.
    - debian/patches/add-openssl-test-link.patch: add link for libssl

Available diffs

Published in trusty-updates
Deleted in trusty-proposed (Reason: moved to -updates) 
gnutls28 (3.2.11-2ubuntu1.2) trusty; urgency=medium

  * debian/patches/check_same_certificate_not_only_issuer.patch: when
    verifying, check for the same certificate in the trusted list,
    not only the issuer.
  * debian/patches/compare_ca_name_and_key.patch: when comparing a CA
    certificate with the trusted list, compare the name and key.
    (LP: #1722411)

 -- Anders Kaseorg <email address hidden>  Wed, 17 Jan 2018 16:23:47 -0500
Superseded in cosmic-release
Published in bionic-release
Deleted in bionic-proposed (Reason: moved to release) 
gnutls28 (3.5.18-1ubuntu1) bionic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/disable_global_init_override_test.patch: disable
      failing test.
    - debian/patches/add-openssl-test-link.patch: add link for libssl
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release) 
gnutls28 (3.5.17-1ubuntu3) bionic; urgency=medium

  * Rebuild against new libunistring 0.9.9.

 -- Gianfranco Costamagna <email address hidden>  Sun, 04 Mar 2018 09:24:47 +0100
Superseded in bionic-proposed 
gnutls28 (3.5.17-1ubuntu2) bionic; urgency=medium

  * Stop building with --with-included-unistring now that we get a new
    unistring

 -- Julian Andres Klode <email address hidden>  Tue, 13 Feb 2018 16:14:36 +0100
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release) 
gnutls28 (3.5.17-1ubuntu1) bionic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/disable_global_init_override_test.patch: disable
      failing test.
    - debian/patches/add-openssl-test-link.patch: add link for libssl
  * Build with --with-included-unistring for now as our libunistring is
    too old and needs a transition.

Available diffs

Obsolete in zesty-updates
Deleted in zesty-proposed (Reason: moved to -updates) 
gnutls28 (3.5.6-4ubuntu4.3) zesty; urgency=medium

  * Cherry pick several fixes from Debian 3.5.8-5+deb9u3:
    - 38_01-OCSP-check-the-subject-public-key-identifier-field-t.patch
      38_02-OCSP-find_signercert-improved-DER-length-calculation.patch from
      gnutls 3.5.14: Fix OCSP verification errors, especially with ecdsa
      signatures. LP: #1714506
    - 37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch from
      upstream 3.5.x branch: Fix breakage if AES-GCM in-place encryption and
      decryption on aarch64. LP: #1707172

 -- Julian Andres Klode <email address hidden>  Sat, 02 Sep 2017 16:12:49 +0200
Superseded in bionic-release
Obsolete in artful-release
Deleted in artful-proposed (Reason: moved to release) 
gnutls28 (3.5.8-6ubuntu3) artful; urgency=medium

  * Cherry pick several fixes from Debian 3.5.8-5+deb9u3:
    - 38_01-OCSP-check-the-subject-public-key-identifier-field-t.patch
      38_02-OCSP-find_signercert-improved-DER-length-calculation.patch from
      gnutls 3.5.14: Fix OCSP verification errors, especially with ecdsa
      signatures. LP: #1714506
    - 37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch from
      upstream 3.5.x branch: Fix breakage if AES-GCM in-place encryption and
      decryption on aarch64. LP: #1707172

 -- Julian Andres Klode <email address hidden>  Sat, 02 Sep 2017 16:12:49 +0200

Available diffs

Superseded in xenial-updates
Deleted in xenial-proposed (Reason: moved to -updates) 
gnutls28 (3.4.10-4ubuntu1.4) xenial; urgency=medium

  * use_normal_priority_for_openssl_sslv23.diff by Andreas Metzler:
    OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority,
    which includes TLS1.2 support. (LP: #1709193)

 -- Simon Deziel <email address hidden>  Mon, 07 Aug 2017 23:04:43 +0000
Superseded in zesty-updates
Superseded in zesty-proposed 
gnutls28 (3.5.6-4ubuntu4.2) zesty; urgency=medium

  * use_normal_priority_for_openssl_sslv23.diff by Andreas Metzler:
    OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority,
    which includes TLS1.2 support. (LP: #1709193)

 -- Simon Deziel <email address hidden>  Thu, 10 Aug 2017 12:47:14 +0000
Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release) 
gnutls28 (3.5.8-6ubuntu2) artful; urgency=medium

  * use_normal_priority_for_openssl_sslv23.diff by Andreas Metzler:
    OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority,
    which includes TLS1.2 support. (LP: #1709193)

 -- Simon Deziel <email address hidden>  Thu, 10 Aug 2017 00:34:06 +0000

Available diffs

Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release) 
gnutls28 (3.5.8-6ubuntu1) artful; urgency=medium

  * Merge with Debian. Remaining changes:
    - debian/patches/disable_global_init_override_test.patch: disable
      failing test.
    - debian/patches/add-openssl-test-link.patch: add link for libssl

Available diffs

Superseded in xenial-updates
Superseded in xenial-security 
gnutls28 (3.4.10-4ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference via status response TLS
    extension decoding
    - debian/patches/CVE-2017-7507-1.patch: ensure response IDs are
      properly deinitialized in lib/ext/status_request.c.
    - debian/patches/CVE-2017-7507-2.patch: remove parsing of responder IDs
      from client extension in lib/ext/status_request.c.
    - debian/patches/CVE-2017-7507-3.patch: documented requirements for
      parameters in lib/ext/status_request.c.
    - CVE-2017-7507
  * SECURITY UPDATE: DoS and possible code execution via OpenPGP
    certificate decoding
    - debian/patches/CVE-2017-7869.patch: enforce packet limits in
      lib/opencdk/read-packet.c.
    - CVE-2017-7869

 -- Marc Deslauriers <email address hidden>  Mon, 12 Jun 2017 09:32:37 -0400
Superseded in zesty-updates
Obsolete in zesty-security 
gnutls28 (3.5.6-4ubuntu4.1) zesty-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference via status response TLS
    extension decoding
    - debian/patches/CVE-2017-7507-1.patch: ensure response IDs are
      properly deinitialized in lib/ext/status_request.c.
    - debian/patches/CVE-2017-7507-2.patch: remove parsing of responder IDs
      from client extension in lib/ext/status_request.c.
    - debian/patches/CVE-2017-7507-3.patch: documented requirements for
      parameters in lib/ext/status_request.c.
    - CVE-2017-7507
  * SECURITY UPDATE: DoS and possible code execution via OpenPGP
    certificate decoding
    - debian/patches/CVE-2017-7869.patch: enforce packet limits in
      lib/opencdk/read-packet.c.
    - CVE-2017-7869

 -- Marc Deslauriers <email address hidden>  Mon, 12 Jun 2017 09:26:39 -0400
Obsolete in yakkety-updates
Obsolete in yakkety-security 
gnutls28 (3.5.3-5ubuntu1.2) yakkety-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference via status response TLS
    extension decoding
    - debian/patches/CVE-2017-7507-1.patch: ensure response IDs are
      properly deinitialized in lib/ext/status_request.c.
    - debian/patches/CVE-2017-7507-2.patch: remove parsing of responder IDs
      from client extension in lib/ext/status_request.c.
    - debian/patches/CVE-2017-7507-3.patch: documented requirements for
      parameters in lib/ext/status_request.c.
    - CVE-2017-7507
  * SECURITY UPDATE: DoS and possible code execution via OpenPGP
    certificate decoding
    - debian/patches/CVE-2017-7869.patch: enforce packet limits in
      lib/opencdk/read-packet.c.
    - CVE-2017-7869

 -- Marc Deslauriers <email address hidden>  Mon, 12 Jun 2017 09:31:08 -0400
Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release) 
gnutls28 (3.5.8-5ubuntu1) artful; urgency=medium

  * Merge with Debian. Remaining changes:
    - debian/patches/disable_global_init_override_test.patch: disable
      failing test.
    - debian/patches/add-openssl-test-link.patch: add link for libssl

Available diffs

Superseded in artful-release
Obsolete in zesty-release
Deleted in zesty-proposed (Reason: moved to release) 
gnutls28 (3.5.6-4ubuntu4) zesty; urgency=medium

  * Fix FTBFS because of failing test (LP: #1679868)
    - debian/patches/fix_tests_timezone.patch: address test suite failure
      due to timezone differences in tests/cert-tests/pkcs7.

 -- Marc Deslauriers <email address hidden>  Wed, 05 Apr 2017 10:06:24 -0400

Available diffs

Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release) 
gnutls28 (3.5.6-4ubuntu3) zesty; urgency=medium

  * SECURITY UPDATE: double-free when reading proxy language
    - debian/patches/CVE-2017-5334.patch: fix double-free in
      lib/x509/x509_ext.c.
    - CVE-2017-5334
  * SECURITY UPDATE: out of memory error in stream reading functions
    - debian/patches/CVE-2017-5335.patch: add error checking to
      lib/opencdk/read-packet.c.
    - CVE-2017-5335
  * SECURITY UPDATE: stack overflow in cdk_pk_get_keyid
    - debian/patches/CVE-2017-5336.patch: check return code in
      lib/opencdk/pubkey.c.
    - CVE-2017-5336
  * SECURITY UPDATE: heap read overflow when reading streams
    - debian/patches/CVE-2017-5337.patch: add more precise checks to
      lib/opencdk/read-packet.c.
    - CVE-2017-5337

 -- Marc Deslauriers <email address hidden>  Wed, 01 Feb 2017 14:21:40 -0500

Available diffs

Superseded in xenial-updates
Superseded in xenial-security 
gnutls28 (3.4.10-4ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: OCSP validation issue
    - debian/patches/CVE-2016-7444.patch: correctly verify the serial
      length in lib/x509/ocsp.c.
    - CVE-2016-7444
  * SECURITY UPDATE: denial of service via warning alerts
    - debian/patches/CVE-2016-8610.patch: set a maximum number of warning
      messages in lib/gnutls_int.h, lib/gnutls_handshake.c,
      lib/gnutls_state.c.
    - CVE-2016-8610
  * SECURITY UPDATE: double-free when reading proxy language
    - debian/patches/CVE-2017-5334.patch: fix double-free in
      lib/x509/x509_ext.c.
    - CVE-2017-5334
  * SECURITY UPDATE: out of memory error in stream reading functions
    - debian/patches/CVE-2017-5335.patch: add error checking to
      lib/opencdk/read-packet.c.
    - CVE-2017-5335
  * SECURITY UPDATE: stack overflow in cdk_pk_get_keyid
    - debian/patches/CVE-2017-5336.patch: check return code in
      lib/opencdk/pubkey.c.
    - CVE-2017-5336
  * SECURITY UPDATE: heap read overflow when reading streams
    - debian/patches/CVE-2017-5337.patch: add more precise checks to
      lib/opencdk/read-packet.c.
    - CVE-2017-5337
  * debian/patches/fix_expired_certs.patch: use datefudge to fix test with
    expired certs.

 -- Marc Deslauriers <email address hidden>  Thu, 26 Jan 2017 10:14:03 -0500
Superseded in yakkety-updates
Superseded in yakkety-security 
gnutls28 (3.5.3-5ubuntu1.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: denial of service via warning alerts
    - debian/patches/CVE-2016-8610.patch: set a maximum number of warning
      messages in lib/gnutls_int.h, lib/handshake.c, lib/state.c.
    - CVE-2016-8610
  * SECURITY UPDATE: double-free when reading proxy language
    - debian/patches/CVE-2017-5334.patch: fix double-free in
      lib/x509/x509_ext.c.
    - CVE-2017-5334
  * SECURITY UPDATE: out of memory error in stream reading functions
    - debian/patches/CVE-2017-5335.patch: add error checking to
      lib/opencdk/read-packet.c.
    - CVE-2017-5335
  * SECURITY UPDATE: stack overflow in cdk_pk_get_keyid
    - debian/patches/CVE-2017-5336.patch: check return code in
      lib/opencdk/pubkey.c.
    - CVE-2017-5336
  * SECURITY UPDATE: heap read overflow when reading streams
    - debian/patches/CVE-2017-5337.patch: add more precise checks to
      lib/opencdk/read-packet.c.
    - CVE-2017-5337

 -- Marc Deslauriers <email address hidden>  Thu, 26 Jan 2017 08:24:51 -0500
Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release) 
gnutls28 (3.5.6-4ubuntu2) zesty; urgency=medium

  * d/p/dname-api-*.patch fix gnutls api breakage on dname order in
    gnutls 3.5.6 (LP: #1641615)
    - d/libgnutls30.symbols add new symbols added by the upstream fix

 -- Christian Ehrhardt <email address hidden>  Thu, 17 Nov 2016 08:39:43 +0100

Available diffs

Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release) 
gnutls28 (3.5.6-4ubuntu1) zesty; urgency=medium

  * Merge with Debian.  Remaining changes:
    - debian/patches/disable_global_init_override_test.patch: disable failing
      test.
    - debian/patches/add-openssl-test-link.patch: add link for libssl
  * New upstream version avoids getrandom() at initialization which caused
    NetworkManager to hang at boot. (LP: #1622893)

Available diffs

Superseded in zesty-release
Obsolete in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release) 
gnutls28 (3.5.3-5ubuntu1) yakkety; urgency=medium

  * Merge with Debian (LP: #1624856).  Remaining changes:
    - debian/patches/disable_global_init_override_test.patch: disable failing
      test.
    - debian/patches/add-openssl-test-link.patch: add link for libssl

Available diffs

Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release) 
gnutls28 (3.5.3-4ubuntu1) yakkety; urgency=medium

  * Merge with Debian; remaining changes:
    - debian/patches/disable_global_init_override_test.patch: disable failing
      test.
    - debian/patches/add-openssl-test-link.patch: add link for libssl

Available diffs

Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release) 
gnutls28 (3.5.3-3ubuntu1) yakkety; urgency=medium

  * Merge with Debian; remaining changes:

Available diffs

Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release) 
gnutls28 (3.5.2-2ubuntu4) yakkety; urgency=medium

  * Revert the last change, fail again on failed tests.

 -- Matthias Klose <email address hidden>  Thu, 11 Aug 2016 17:15:26 +0200
Superseded in yakkety-proposed 
gnutls28 (3.5.2-2ubuntu3) yakkety; urgency=medium

  * Ignore the test results for a first build.

 -- Matthias Klose <email address hidden>  Thu, 11 Aug 2016 15:22:38 +0200

Available diffs

Superseded in yakkety-proposed 
gnutls28 (3.5.2-2ubuntu2) yakkety; urgency=medium

  * Ignore the test results for a first build.

 -- Matthias Klose <email address hidden>  Thu, 11 Aug 2016 15:22:38 +0200

Available diffs

Superseded in yakkety-proposed 
gnutls28 (3.5.2-2ubuntu1) yakkety; urgency=low

  * Merge from Debian unstable (LP: #1608129). Remaining changes:
    - debian/patches/disable_global_init_override_test.patch: disable failing
      test.
    - debian/patches/add-openssl-test-link.patch: add link for libssl
Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release) 
gnutls28 (3.4.14-1ubuntu1) yakkety; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/disable_global_init_override_test.patch: disable failing
      test.
  * Drop rename from libgnutls28-dev to libgnutls-dev.  No sign that Debian
    is ever going to make this change, and only 14 packages build-depend on
    libgnutls-dev in Ubuntu, so this is an unnecessary delta.
Superseded in yakkety-proposed 
gnutls28 (3.4.14-1) unstable; urgency=medium

  * Also mark b-d on net-tools/freebsd-net-tools as optional via the
    <!nocheck> profile. (Thanks, Steven Chamberlain for bug-report and
    patch). Closes: #826693
  * New upstream bugfix release. This includes the following fix:
    + libgnutls: Address issue when utilizing the p11-kit trust store
      for certificate verification (GNUTLS-SA-2016-2).
    The issue is not relevant for the Debian binary packages, since we do not
    build with --with-default-trust-store-pkcs11=.


 -- Andreas Metzler <email address hidden>  Sat, 09 Jul 2016 14:01:05 +0200
Superseded in xenial-updates
Deleted in xenial-proposed (Reason: moved to -updates) 
gnutls28 (3.4.10-4ubuntu1.1) xenial-proposed; urgency=medium

  * SRU: LP: #1592693.
  * gnutls-doc: Don't install the sgml files, not building with gtk-doc-tools
    in xenial.

 -- Matthias Klose <email address hidden>  Wed, 15 Jun 2016 10:00:17 +0200
Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release) 
gnutls28 (3.4.11-4ubuntu1) yakkety; urgency=medium

  * Merge with Debian; remaining changes:
    - Make gnutls28 default.
    - debian/patches/disable_global_init_override_test.patch: disable failing
      test.

Available diffs

Superseded in yakkety-release
Published in xenial-release
Deleted in xenial-proposed (Reason: moved to release) 
gnutls28 (3.4.10-4ubuntu1) xenial; urgency=medium

  * Merge with Debian; remaining changes:
    - Make gnutls28 default.
    - debian/patches/disable_global_init_override_test.patch: disable failing
      test.

Available diffs

Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release) 
gnutls28 (3.4.9-2ubuntu1) xenial; urgency=medium

  * Merge with Debian; remaining changes:
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release) 
gnutls28 (3.3.20-1ubuntu1) xenial; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Make gnutls28 default.
  * debian/patches/disable_global_init_override_test.patch: disable failing
    test.
Obsolete in vivid-updates
Obsolete in vivid-security 
gnutls28 (3.3.8-3ubuntu3.2) vivid-security; urgency=medium

  * SECURITY UPDATE: incorrect RSA+MD5 support with TLS 1.2
    - debian/patches/CVE-2015-7575.patch: properly set value in
      auth/cert.c, do not consider any values from the extension data to
      decide acceptable algorithms in lib/ext/signature.c, added test to
      tests/Makefile.am, tests/sign-md5-rep.c.
    - CVE-2015-7575

 -- Marc Deslauriers <email address hidden>  Thu, 07 Jan 2016 10:34:56 -0500
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release) 
gnutls28 (3.3.18-1ubuntu1) xenial; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Make gnutls28 default.

Available diffs

Superseded in xenial-release
Obsolete in wily-release
Deleted in wily-proposed (Reason: moved to release) 
gnutls28 (3.3.15-5ubuntu2) wily; urgency=medium

  * SECURITY UPDATE: Double free in certificate DN decoding
    - debian/patches/CVE-2015-6251.patch: Reset the output value on error
      in lib/x509/common.c.
    - CVE-2015-6251

 -- Marc Deslauriers <email address hidden>  Mon, 31 Aug 2015 14:45:42 -0400
Superseded in vivid-updates
Superseded in vivid-security 
gnutls28 (3.3.8-3ubuntu3.1) vivid-security; urgency=medium

  * SECURITY UPDATE: Double free in parsing of dist points
    - debian/patches/CVE-2015-3308.patch: clear san.data and san.size in
      lib/x509/x509_ext.c.
    - CVE-2015-3308
  * SECURITY UPDATE: Double free in certificate DN decoding
    - debian/patches/CVE-2015-6251.patch: Reset the output value on error
      in lib/x509/common.c.
    - CVE-2015-6251

 -- Marc Deslauriers <email address hidden>  Mon, 31 Aug 2015 14:49:12 -0400
Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release) 
gnutls28 (3.3.15-5ubuntu1) wily; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Make gnutls28 default.
Published in precise-updates
Published in precise-security 
gnutls28 (3.0.11-1ubuntu2.1) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service and possible remote arbitrary code
    execution via crafted ServerHello message
    - debian/patches/21_CVE-2014-3466.patch: Add upper bounds check for
      session id size. Based on upstream patch. (LP: #1326779)

 -- Tyler Hicks <email address hidden>  Thu, 11 Jun 2015 10:51:35 -0500
Superseded in trusty-updates
Published in trusty-security 
gnutls28 (3.2.11-2ubuntu1.1) trusty-security; urgency=medium

  [ Gianfranco Costamagna ]
  * SECURITY UPDATE: Denial of service and possible remote arbitrary code
    execution via crafted ServerHello message
    - debian/patches/21_CVE-2014-3466.patch: Add upper bounds check for
      session id size. Based on upstream patch. (LP: #1326779)

  [ Tyler Hicks ]
  * debian/patches/21_CVE-2014-3466.patch: Fold in the test for
    CVE-2014-3466's fix. Based on upstream patch.

 -- Tyler Hicks <email address hidden>  Thu, 11 Jun 2015 10:42:35 -0500
Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release) 
gnutls28 (3.3.15-2ubuntu1) wily; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Make gnutls28 default.
  * Dropped patches included in new version:
    - debian/patches/CVE-2015-0294.patch
    - debian/patches/CVE-2014-8564.patch

Available diffs

Superseded in wily-release
Obsolete in vivid-release
Deleted in vivid-proposed (Reason: moved to release) 
gnutls28 (3.3.8-3ubuntu3) vivid; urgency=medium

  * SECURITY UPDATE: certificate algorithm consistency issue
    - debian/patches/CVE-2015-0294.patch: make sure the two signature
      algorithms match on cert import in lib/x509/x509.c.
    - CVE-2015-0294
 -- Marc Deslauriers <email address hidden>   Fri, 20 Mar 2015 08:16:02 -0400

Available diffs

Obsolete in utopic-updates
Obsolete in utopic-security 
gnutls28 (3.2.16-1ubuntu2.2) utopic-security; urgency=medium

  * SECURITY UPDATE: certificate algorithm consistency issue
    - debian/patches/CVE-2015-0294.patch: make sure the two signature
      algorithms match on cert import in lib/x509/x509.c.
    - CVE-2015-0294
 -- Marc Deslauriers <email address hidden>   Fri, 20 Mar 2015 08:20:53 -0400
Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release) 
gnutls28 (3.3.8-3ubuntu2) vivid; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    elliptic curves parameter printing
    - debian/patches/CVE-2014-8564.patch: add more sanity checks in
      lib/gnutls_ecc.c.
    - CVE-2014-8564
 -- Marc Deslauriers <email address hidden>   Mon, 10 Nov 2014 15:18:59 -0500

Available diffs

Superseded in utopic-updates
Superseded in utopic-security 
gnutls28 (3.2.16-1ubuntu2.1) utopic-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    elliptic curves parameter printing
    - debian/patches/CVE-2014-8564.patch: add more sanity checks in
      lib/gnutls_ecc.c.
    - CVE-2014-8564
 -- Marc Deslauriers <email address hidden>   Mon, 10 Nov 2014 15:21:47 -0500
Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release) 
gnutls28 (3.3.8-3ubuntu1) vivid; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Make gnutls28 default.
76150 of 167 results FirstLast