-
gnutls26 (2.4.2-6ubuntu0.1) jaunty-security; urgency=low
* SECURITY UPDATE: fix improper handling of '\0' in Common Name (CN) and
Subject Alternative Name (SAN) in X.509 certificates (LP: #413136)
- debian/patches/26_CVE-2009-2730.diff: verify length of CN and SAN
are what we expect and error out if either contains an embedded \0
- CVE-2009-2730
-- Jamie Strandboge <email address hidden> Fri, 14 Aug 2009 14:01:09 -0500
-
gnutls26 (2.4.2-6) unstable; urgency=medium
* New patches, syncing with 2.4.3 upstream oldstable release:
+ 24_intermedcertificate.patch If a non-root certificate ist trusted
gnutls certificateificate verification stops there instead of checking
up to the root of the certificate chain.
+ 22_whitespace.patch - Whitespace only changes, to make it possible to
apply upstream fixes without manual changes.
+ 25_bufferoverrun.patch. Fix buffer overrun bug in
gnutls_x509_crt_list_import.
http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e
-- Jamie Strandboge <email address hidden> Fri, 20 Feb 2009 20:10:15 +0000
-
gnutls26 (2.4.2-5) unstable; urgency=low
* Pull two patches from upstream stable branch to make gnutls behavior
match documentation:
+ patch 23_permit_v1_CA.diff:Accept v1 x509 CA
certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593
+ 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509
certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
GNUTLS_CERT_INSECURE_ALGORITHM verification output.
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 09 Feb 2009 08:56:25 +0000
-
gnutls26 (2.4.2-4) unstable; urgency=medium
* Add Simon Josefsson to uploaders.
* Another fix for the verification fix. Some correct certificate chains were
not recognized as verified. Closes: #507633
-- Ubuntu Archive Auto-Sync <email address hidden> Sat, 06 Dec 2008 22:02:24 +0000
-
gnutls26 (2.4.2-3) unstable; urgency=low
* Fix a crash on trying to verify self-signed certificates introduced by the
patch for CVE-2008-4989. Closes: #505279
-- Ubuntu Archive Auto-Sync <email address hidden> Thu, 13 Nov 2008 10:59:19 +0000
-
gnutls26 (2.4.2-2) unstable; urgency=medium
* [CVE-2008-4989.diff] Fix man in the middle attack for certificate
verification. CVE-2008-4989 GNUTLS-SA-2008-3
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 11 Nov 2008 11:08:06 +0000
-
gnutls26 (2.4.2-1) unstable; urgency=low
* New upstream bugfix release.
* Up to date gnutls-cli manpage. Closes: #492775
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 04 Nov 2008 21:24:21 +0000
-
gnutls26 (2.4.1-1build1) intrepid; urgency=low
* Rebuild against thread-enabled guile-1.8.
-- Martin Pitt <email address hidden> Wed, 06 Aug 2008 14:18:59 +0000