-
gnutls26 (2.12.23-1ubuntu4.3) saucy-security; urgency=medium
* SECURITY UPDATE: memory corruption due to server hello parsing
- debian/patches/CVE-2014-3466.patch: validate session_id_len in
lib/gnutls_handshake.c.
- CVE-2014-3466
-- Marc Deslauriers <email address hidden> Sun, 01 Jun 2014 11:04:16 -0400
-
gnutls26 (2.12.23-1ubuntu4.2) saucy-security; urgency=medium
* SECURITY UPDATE: certificate validation bypass
- debian/patches/CVE-2014-0092.patch: correct return codes in
lib/x509/verify.c.
- CVE-2014-0092
-- Marc Deslauriers <email address hidden> Mon, 03 Mar 2014 14:14:00 -0500
-
gnutls26 (2.12.23-1ubuntu4.1) saucy-security; urgency=medium
* SECURITY UPDATE: incorrect v1 intermediate cert handling
- debian/patches/CVE-2014-1959.patch: don't consider a v1 intermediate
cert to be a valid CA by default in lib/x509/verify.c.
- CVE-2014-1959
-- Marc Deslauriers <email address hidden> Mon, 24 Feb 2014 13:59:47 -0500
-
gnutls26 (2.12.23-1ubuntu4) saucy; urgency=low
* Link test-lock and test-thread_create with -Wl,--no-as-needed; see
https://lists.gnu.org/archive/html/bug-gnulib/2013-10/msg00017.html.
Based on a similar change by Matthias Klose in libidn.
-- Colin Watson <email address hidden> Mon, 07 Oct 2013 15:51:16 +0100
-
gnutls26 (2.12.23-1ubuntu3) saucy; urgency=low
* Drop the sipsak Breaks on armhf back to (<= 0.9.6-2.1), which is
sufficient for Ubuntu. The former versioning rendered sipsak
uninstallable.
-- Colin Watson <email address hidden> Sat, 05 Oct 2013 00:00:39 +0100
-
gnutls26 (2.12.23-1ubuntu2) saucy; urgency=low
* SECURITY UPDATE: denial of service via incorrect pad
- debian/patches/CVE-2013-2116.patch: added sanity check in
lib/gnutls_cipher.c.
- CVE-2013-2116
-- Marc Deslauriers <email address hidden> Mon, 27 May 2013 08:34:01 -0400
-
gnutls26 (2.12.23-1ubuntu1) raring; urgency=low
* Merge from debian-experimental, remaining changes:
- Build gnutls-bin from this source package rather than from gnutls28:
gnutls28's licensing is currently too strict for many of the free
software packages built against it in Ubuntu main and we only want to
support a single version. Bump its version to achieve this.
* Drop gnulib-gets.diff: upstream.
gnutls26 (2.12.23-1) experimental; urgency=low
* New upstream version.
+ Includes fix for lucky thirteen TLS CBC padding timing
attack. CVE-2013-0169 CVE-2013-1619 GNUTLS-SA-2013-1
gnutls26 (2.12.22-1) experimental; urgency=low
* Update watchfile, based on Bart Martens version from q.d.o, but use a)
ftp.gnutls.org as mirror and b) limit the match to 2.x versions.
* New upstream version.
+ Drop 30_strlen_on_null.diff.
gnutls26 (2.12.21-4) experimental; urgency=low
* 30_strlen_on_null.diff: Pulled from upstream git. Fix segfault caused
by running strlen() on NULL. Closes: #647747
gnutls26 (2.12.21-3) experimental; urgency=low
* Build with -sa.
gnutls26 (2.12.21-2) experimental; urgency=low
* Fix documentation packaging. gnutls-doc is built from the GnuTLS 3.x
packages. Add a new gnutls26-doc package which drops manpages and info
format documentation in favour of being co-installable with
gnutls-doc.
gnutls26 (2.12.21-1) experimental; urgency=low
* New upstream release.
+ Works with libtasn1 3.0, requires at least libtasn1 2.14. Bump b-d.
-- Timo Aaltonen <email address hidden> Thu, 07 Mar 2013 12:47:58 +0200