-
gnutls26 (2.12.14-5ubuntu4.6) quantal-security; urgency=medium
  * SECURITY UPDATE: certificate validation bypass
    - debian/patches/CVE-2014-0092.patch: correct return codes in
      lib/x509/verify.c.
    - CVE-2014-0092
 -- Marc Deslauriers <email address hidden> Mon, 03 Mar 2014 14:15:34 -0500
-
gnutls26 (2.12.14-5ubuntu4.5) quantal-security; urgency=medium
  * SECURITY UPDATE: incorrect v1 intermediate cert handling
    - debian/patches/CVE-2014-1959.patch: don't consider a v1 intermediate
      cert to be a valid CA by default in lib/x509/verify.c.
    - CVE-2014-1959
 -- Marc Deslauriers <email address hidden> Mon, 24 Feb 2014 14:00:29 -0500
-
gnutls26 (2.12.14-5ubuntu4.4) quantal-proposed; urgency=low
  * debian/patches/21_ignore_key_usage_violation.patch:
    Prints debug message on key usage violation rather than treating
    the violation as fatal. (LP: #1207123)
 -- Adam Stokes <email address hidden> Mon, 05 Aug 2013 11:15:19 -0400
-
gnutls26 (2.12.14-5ubuntu4.3) quantal-security; urgency=low
  * SECURITY UPDATE: denial of service via incorrect pad
    - debian/patches/CVE-2013-2116.patch: added sanity check in
      lib/gnutls_cipher.c.
    - CVE-2013-2116
 -- Marc Deslauriers <email address hidden> Mon, 27 May 2013 08:40:42 -0400
-
gnutls26 (2.12.14-5ubuntu4.2) quantal-security; urgency=low
  * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
    - debian/patches/CVE-2013-1619.patch: avoid timing attacks in
      lib/gnutls_cipher.c, lib/gnutls_hash_int.h.
    - CVE-2013-1619
 -- Marc Deslauriers <email address hidden> Mon, 25 Feb 2013 11:31:46 -0500
-
gnutls26 (2.12.14-5ubuntu4.1) quantal-proposed; urgency=low
  * debian/patches/lp1095052.patch:
    - Added new patch, derived from an upstream revision, which provides
      a fix for an issue where client certificate authentication will
      fail. (LP: #1095052)
 -- Thomas Ward <email address hidden> Mon, 07 Jan 2013 19:52:48 +0000
-
gnutls26 (2.12.14-5ubuntu4) quantal; urgency=low
  * Apply upstream patch to fix validation of certificates when more than
    one with the same short hash exists in the CA bundle (LP: #1003841).
 -- Thorsten Glaser <email address hidden> Thu, 24 May 2012 11:19:12 +0200
-
gnutls26 (2.12.14-5ubuntu3) precise; urgency=low
  * SECURITY UPDATE: Denial of service via crafted TLS record (LP: #978661)
    - debian/patches/CVE-2012-1573.patch: Validate the size of a
      GenericBlockCipher structure as it is processed. Based on upstream
      patch.
    - CVE-2012-1573
 -- Tyler Hicks <email address hidden> Wed, 11 Apr 2012 02:52:23 -0500