gnutls28 (3.8.5-3ubuntu1) oracular; urgency=medium

  * Merge with Debian; remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
      TLS1.3 with medium security profile (2048 RSA keys minimum, and
      similar).
    - Forcefully disable TLS 1.0 and 1.1 through /etc/gnutls/config.
    - Forcefully disable DTLS 0.9 and 1.0 through /etc/gnutls/config.
    - Fix logic for i386 autopkgtest on an amd64 host.
    - Don't run the testsuite under the influence of a configuration file.

gnutls28 (3.8.5-3) unstable; urgency=low

  * Replace 45_Revert_Add-option-to-disable-RSAES-PKCS1-v1_5.patch with
    46_Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch from upstream GIT
    master.

 -- Gianfranco Costamagna <email address hidden>  Sat, 01 Jun 2024 21:32:09 +0200

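The /etc/gnutls/config override that the Ubuntu entry refers to, written out as an added illustration rather than the file the package actually ships: GnuTLS reads this file when the library initialises, and settings in its [overrides] section apply to every program linked against libgnutls. The key names are the ones documented in the GnuTLS manual's system-wide configuration section; the allow-rsa-pkcs1-encrypt line is included because the 3.8.5-3 entry concerns that setting, and the specific values chosen here are assumptions, not the distribution's defaults.

```ini
# Illustrative /etc/gnutls/config (constructed example, not the packaged file).
# GnuTLS parses this file at library initialisation. To try a candidate file
# without touching the system copy, point GNUTLS_SYSTEM_PRIORITY_FILE at it and
# inspect the resulting defaults with:  gnutls-cli --list --priority NORMAL

[global]
# "blocklist" means the [overrides] entries remove algorithms from the
# built-in defaults; "allowlist" would start from nothing enabled instead.
override-mode = blocklist

[overrides]
# Retire the protocol versions named in the changelog. Each value is one
# version; the key repeats once per version rather than taking a list.
disabled-version = tls1.0
disabled-version = tls1.1
disabled-version = dtls0.9
disabled-version = dtls1.0

# RSAES-PKCS1-v1_5 encryption, the option the 3.8.5-3 patch fixes the
# system-wide handling of. It defaults to enabled; setting it to false refuses
# PKCS#1 v1.5 RSA key transport library-wide, so check that no local
# application still depends on it before deploying this line.
allow-rsa-pkcs1-encrypt = false
```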
gnutls28 (3.8.5-2ubuntu1) oracular; urgency=medium

  * Merge with Debian; remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
      TLS1.3 with medium security profile (2048 RSA keys minimum, and
      similar).
    - Forcefully disable TLS 1.0 and 1.1 through /etc/gnutls/config.
    - Forcefully disable DTLS 0.9 and 1.0 through /etc/gnutls/config.
    - Fix logic for i386 autopkgtest on an amd64 host.
    - Don't run the testsuite under the influence of a configuration file.

gnutls28 (3.8.5-2) unstable; urgency=medium

  * Add 45_Revert_Add-option-to-disable-RSAES-PKCS1-v1_5.patch, reverting
    upstream commit 10ebc37e41343cb5b18ee9f0b8e2c45c3d83e8c7.
    Closes: #1068644

gnutls28 (3.8.5-1) unstable; urgency=medium

  * New upstream version, drop cherry-picked patch.
  * [lintian] B-d on pkgconf instead of pkg-config.

gnutls28 (3.8.4-2) unstable; urgency=medium

  * Cherry-pick from upstream git master:
    + 50_0001-gnutls_privkey_decrypt_data-don-t-free-plaintext-on-.patch
      (Regression in 3.8.4).
  * Upload to unstable.

gnutls28 (3.8.4-1) experimental; urgency=medium

  * New upstream version.
    + Fix side-channel in the deterministic ECDSA.
      Reported by George Pantelakis (#1516).
      [GNUTLS-SA-2023-12-04, CVSS: medium] [CVE-2024-28834]
      Closes: #1067464
    + libgnutls: Fixed a bug where certtool crashed when verifying a
      certificate chain with more than 16 certificates. Reported by William
      Woodruff (#1525) and yixiangzhike (#1527).
      [GNUTLS-SA-2024-01-23, CVSS: medium] [CVE-2024-28835] Closes: #1067463
    + Update copyright info.
    + Update symbol file.

 -- Gianfranco Costamagna <email address hidden>  Tue, 14 May 2024 12:08:31 +0200

gnutls28 (3.8.3-1.1ubuntu3.1) noble-security; urgency=medium

  * SECURITY UPDATE: side-channel leak via Minerva attack
    - debian/patches/CVE-2024-28834.patch: avoid normalization of mpz_t in
      deterministic ECDSA in lib/nettle/int/dsa-compute-k.c,
      lib/nettle/int/dsa-compute-k.h, lib/nettle/int/ecdsa-compute-k.c,
      lib/nettle/int/ecdsa-compute-k.h, lib/nettle/pk.c,
      tests/sign-verify-deterministic.c.
    - CVE-2024-28834
  * SECURITY UPDATE: crash via specially-crafted cert bundle
    - debian/patches/CVE-2024-28835.patch: remove length limit of input in
      lib/gnutls_int.h, lib/x509/common.c, lib/x509/verify-high.c,
      tests/test-chains.h.
    - CVE-2024-28835

 -- Marc Deslauriers <email address hidden>  Thu, 18 Apr 2024 09:54:34 -0400

gnutls28 (3.8.3-1.1ubuntu3) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- Steve Langasek <email address hidden>  Sun, 31 Mar 2024 06:17:25 +0000