lp://staging/ubuntu/hardy-updates/gnutls13
- Get this branch:
- bzr branch lp://staging/ubuntu/hardy-updates/gnutls13
Branch merges
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 19. By Marc Deslauriers
-
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
- debian/patches/ 91_CVE- 2013-1619. diff: avoid timing attacks in
lib/gnutls_ cipher. c, lib/gnutls_ hash_int. h.
- CVE-2013-1619 - 18. By Tyler Hicks
-
* SECURITY UPDATE: Denial of service in client application
- debian/patches/ CVE-2011- 4128.patch: Fix buffer bounds check when copying
session data. Based on upstream patch.
- CVE-2011-4128
* SECURITY UPDATE: Denial of service via crafted TLS record
- debian/patches/ CVE-2012- 1573.patch: Validate the size of a
GenericBlockCipher structure as it is processed. Based on upstream
patch.
- CVE-2012-1573 - 17. By Jamie Strandboge
-
* SECURITY UPDATE: fix improper handling of '\0' in Common Name (CN) and
Subject Alternative Name (SAN) in X.509 certificates (LP: #413136)
- debian/patches/ 91_CVE- 2009-2730. diff: verify length of CN and SAN
are what we expect and error out if either contains an embedded \0.
This fixed required updating _gnutls_hostname_ compare( ) in
lib/x509/rfc2818_ hostname. c to support wide wildcard hostname matching.
This is a backward compatible change and which only adds additional
matching of hostnames.
- CVE-2009-2730 - 16. By Jamie Strandboge
-
* Fix for regression where some valid certificate chains would be untrusted
- Update debian/patches/ 91_CVE- 2008-4989. diff to check if last certificate
is self-signed and prevent verifying self-signed certificates against
themselves. Patch from upstream.
- http://lists.gnu. org/archive/ html/gnutls- devel/2008- 12/msg00008. html
- LP: #305264 - 15. By Jamie Strandboge
-
* SECURITY UPDATE: Fix for man-in-the-middle attack in certificate
validation
- debian/patches/ 91_CVE- 2008-4989. diff: don't remove the last certificate
if it is self-signed in lib/x509/verify.c
- http://article. gmane.org/ gmane.comp. encryption. gpg.gnutls. devel/3215
- http://article. gmane.org/ gmane.comp. encryption. gpg.gnutls. devel/3248
- CVE-2008-4989 - 14. By Kees Cook
-
* SECURITY UPDATE: multiple remote denial of service.
* debian/patches/ 90_GNUTLS- SA-2008- 1.diff: upstream fixes, thanks to Debian.
* References
GNUTLS-SA-2008-1
CVE-2008-1948, CVE-2008-1949, CVE-2008-1950 - 13. By Steve Langasek
-
* Pulled from upstream, by way of Debian:
+ debian/patches/ 20_nulltermfix_ 465197. diff
Corrected the behaviour of gnutls_x509_crt_ get_subject_ alt_name( )
et al. to not null terminate binary strings and return the proper
size.
+ debian/patches/ 21_nulltermfix_ 465197_ part2.diff
corrected string handling in parse_general_name. - 12. By Martin Pitt
-
* Merge from debian unstable, remaining changes:
- debian/rules: Use clean-la.mk. - 10. By Andreas Metzler <email address hidden>
-
* New upstream version.
* Remove doc/*.info* on clean to allow building thrice in a row.
(Closes: #441740)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)