Change logs for gnutls13 source package in Hardy

  • gnutls13 (2.0.4-1ubuntu2.9) hardy-security; urgency=low
    
      * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
        - debian/patches/91_CVE-2013-1619.diff: avoid timing attacks in
          lib/gnutls_cipher.c, lib/gnutls_hash_int.h.
        - CVE-2013-1619
     -- Marc Deslauriers <email address hidden>   Mon, 25 Feb 2013 13:50:40 -0500
  • gnutls13 (2.0.4-1ubuntu2.8) hardy-proposed; urgency=low
    
      * Apply upstream patch to fix validation of certificates when more than
        one with the same short hash exists in the CA bundle (LP: #1003841).
     -- Thorsten Glaser <email address hidden>   Thu, 31 May 2012 13:48:18 +0200
  • gnutls13 (2.0.4-1ubuntu2.7) hardy-security; urgency=low
    
      * SECURITY UPDATE: Denial of service in client application
        - debian/patches/CVE-2011-4128.patch: Fix buffer bounds check when copying
          session data. Based on upstream patch.
        - CVE-2011-4128
      * SECURITY UPDATE: Denial of service via crafted TLS record
        - debian/patches/CVE-2012-1573.patch: Validate the size of a
          GenericBlockCipher structure as it is processed. Based on upstream
          patch.
        - CVE-2012-1573
     -- Tyler Hicks <email address hidden>   Wed, 04 Apr 2012 11:13:02 -0500
  • gnutls13 (2.0.4-1ubuntu2.6) hardy-security; urgency=low
    
      * SECURITY UPDATE: fix improper handling of '\0' in Common Name (CN) and
        Subject Alternative Name (SAN) in X.509 certificates (LP: #413136)
        - debian/patches/91_CVE-2009-2730.diff: verify length of CN and SAN
          are what we expect and error out if either contains an embedded \0.
          This fix required updating _gnutls_hostname_compare() in
          lib/x509/rfc2818_hostname.c to support wide wildcard hostname matching.
          This is a backward compatible change which only adds additional
          matching of hostnames.
        - CVE-2009-2730
    
     -- Jamie Strandboge <email address hidden>   Fri, 14 Aug 2009 14:57:08 -0500
  • gnutls13 (2.0.4-1ubuntu2.5) hardy-security; urgency=low
    
      * Fix for certificate chain regressions introduced by fixes for
        CVE-2008-4989
      * debian/patches/91_CVE-2008-4989.diff: updated to upstream's final
        2.4.2 - 2.4.3 patchset for lib/x509/verify.c to fix CVE-2008-4989 and
        address all known regressions. To summarize from upstream:
        - Fix X.509 certificate chain validation error (CVE-2008-4989)
        - Fix chain verification for chains that end with RSA-MD2 CAs (LP: #305264)
        - Deprecate X.509 validation chains using MD5 and MD2 signatures
        - Accept chains where intermediary certs are trusted (LP: #305264)
    
     -- Jamie Strandboge <email address hidden>   Fri, 20 Feb 2009 13:02:36 -0600
  • gnutls13 (2.0.4-1ubuntu2.4) hardy-proposed; urgency=low
    
      * Bump up maximum handshake packet size.  Some clients need this,
        especially when talking to some Intrepid services (LP: #292604).
    
     -- Kees Cook <email address hidden>   Tue, 13 Jan 2009 18:10:08 -0800
  • gnutls13 (2.0.4-1ubuntu2.3) hardy-security; urgency=low
    
      * Fix for regression where some valid certificate chains would be untrusted
        - Update debian/patches/91_CVE-2008-4989.diff to check if last certificate
          is self-signed and prevent verifying self-signed certificates against
          themselves. Patch from upstream.
        - http://lists.gnu.org/archive/html/gnutls-devel/2008-12/msg00008.html
        - LP: #305264
    
     -- Jamie Strandboge <email address hidden>   Fri, 05 Dec 2008 14:47:31 -0600
  • gnutls13 (2.0.4-1ubuntu2.2) hardy-security; urgency=low
    
      * SECURITY UPDATE: Fix for man-in-the-middle attack in certificate
        validation
        - debian/patches/91_CVE-2008-4989.diff: don't remove the last certificate
          if it is self-signed in lib/x509/verify.c
        - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215
        - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3248
        - CVE-2008-4989
    
     -- Jamie Strandboge <email address hidden>   Tue, 25 Nov 2008 03:52:47 -0600
  • gnutls13 (2.0.4-1ubuntu2.1) hardy-security; urgency=low
    
      * SECURITY UPDATE: multiple remote denial of service.
      * debian/patches/90_GNUTLS-SA-2008-1.diff: upstream fixes, thanks to Debian.
      * References
        GNUTLS-SA-2008-1
        CVE-2008-1948, CVE-2008-1949, CVE-2008-1950
    
     -- Kees Cook <email address hidden>   Tue, 20 May 2008 18:20:22 -0700
  • gnutls13 (2.0.4-1ubuntu2) hardy; urgency=low
    
      * Pulled from upstream, by way of Debian:
        + debian/patches/20_nulltermfix_465197.diff
          Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
          et al. to not null terminate binary strings and return the proper
          size.
        + debian/patches/21_nulltermfix_465197_part2.diff
          corrected string handling in parse_general_name.
    
     -- Steve Langasek <email address hidden>   Fri, 22 Feb 2008 07:39:07 +0000
  • gnutls13 (2.0.4-1ubuntu1) hardy; urgency=low
    
      * Merge from debian unstable, remaining changes:
        - debian/rules: Use clean-la.mk.
    
    gnutls13 (2.0.4-1) unstable; urgency=low
    
      * New upstream version. (Closes: #451564)
        - TLS authorization support removed. (Functions are still there, but a noop
          now.)
        - Bump shlibs due to added functions.
    
     -- Martin Pitt <email address hidden>   Mon, 03 Dec 2007 11:10:37 +0100
  • gnutls13 (2.0.1-1ubuntu1) hardy; urgency=low
    
      * Use clean-la.mk to remove the dependencies from the .la files.
    
     -- Martin Pitt <email address hidden>   Tue, 06 Nov 2007 16:36:37 -0500
  • gnutls13 (2.0.1-1) unstable; urgency=low
    
      * New upstream version.
      * Remove doc/*.info* on clean to allow building thrice in a row.
        (Closes: #441740)
    
    gnutls13 (1.7.19-1) unstable; urgency=low
    
      * New upstream version 1.7.19.
        - Fix gnutls_error_is_fatal so that positive "errors" are non-critical.
          This takes care of the mutt breakage. Closes: #439640
    
    gnutls13 (1.7.18-2) unstable; urgency=low
    
      * Upload to unstable
    
    gnutls13 (1.7.18-1) experimental; urgency=low
    
      * New upstream version 1.7.18, release candidate for 2.0.
      * Bump shlibs, since functions have been added.
      * Image files renamed upstream with gnutls- prefix and symlinked to
        /usr/share/info/ in Debian package. Closes: #423577
    
    gnutls13 (1.7.16-1) experimental; urgency=low
    
      * New upstream version 1.7.16.
    
    gnutls13 (1.7.14-1) experimental; urgency=low
    
      * New upstream version
        - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183
    
    gnutls13 (1.7.12-1) experimental; urgency=low
    
      * New upstream version 1.7.12
        - Fixes memory errors in certificate parsing. Closes: #333050
      * Bump shlibs, due to API extensions in 1.7.10.
      * Rebuilding of docs simplified, strip debian/README.source_and_patches to
        reflect that.
    
    gnutls13 (1.7.9-1) experimental; urgency=low
    
      * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
      * New upstream version.
        - Uses opencdk10 (0.6.x).
        - Improved gnutls_set_default_priority() priorities, with matching correct
          docs. (Closes: #422024)
        - bumped shlibs.
      * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage
        twice in a row on the same sourcetree. (Closes: #424357) Document what is
        needed to rebuild doc/gnutls.pdf in README.source_and_patches.
    
    gnutls13 (1.7.7-1) experimental; urgency=low
    
      * New development upstream version 1.7.7.
        - Point watchfile to development versions.
        - Bump shlibs for added APIs.
        - Includes German translation. (Closes: #392857)
    
     -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  23 Oct 2007 16:26:54 +0100
  • gnutls13 (1.6.3-1build1) gutsy; urgency=low
    
      * Trigger rebuild for hppa.
    
     -- LaMont Jones <email address hidden>   Tue, 02 Oct 2007 06:32:42 -0600