lp://staging/ubuntu/maverick-security/gnutls26
- Get this branch:
- bzr branch lp://staging/ubuntu/maverick-security/gnutls26
Recent revisions
- 22. By Tyler Hicks

  * SECURITY UPDATE: Denial of service in client application
    - debian/patches/CVE-2011-4128.patch: Fix buffer bounds check when copying
      session data. Based on upstream patch.
    - CVE-2011-4128
  * SECURITY UPDATE: Denial of service via crafted TLS record
    - debian/patches/CVE-2012-1573.patch: Validate the size of a
      GenericBlockCipher structure as it is processed. Based on upstream
      patch.
    - CVE-2012-1573

- 21. By Andreas Metzler <email address hidden>

  * Use dh_lintian.
  * Use dh_makeshlibs for the guile stuff, too. This gets us
    a) ldconfig in postinst. Closes: #553109
    and
    b) a shlibs file.
    However the shared objects /usr/lib/libguile-gnutls*.so* are still not
    designed to be used as libraries (linking) but are dlopened. guile-1.10
    will address this issue by keeping this stuff in a private directory.
  * hotfix pkg-config files (proper fix to be included upstream).
  * Stop unneeded linkage against libgpg-error. 16_unnecessarydep.diff

- 20. By Andreas Metzler <email address hidden>

  Add a huge bunch of lintian overrides for the guile stuff to make dak
  happy.

- 19. By Andreas Metzler <email address hidden>

  [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920

- 18. By Andreas Metzler <email address hidden>

  * New upstream version.
    + Drop debian/patches/15_openpgp.diff.
  * Sync priorities with override file, libgnutls26 has been bumped from
    important to standard.

- 17. By Andreas Metzler <email address hidden>

  [debian/patches/15_openpgp.diff] The CVE-2009-2730 patch broke
  openpgp connections.

- 16. By Andreas Metzler <email address hidden>

  * New upstream version.
    + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
      was built against. Closes: #540449
    + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
      certificate name fields. Closes: #541439 GNUTLS-SA-2009-4
      http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html
  * Drop 15_chainverify_expiredcert.diff, included upstream.
  * Urgency high, since 541439 applies to testing, too.

- 15. By Jamie Strandboge

  * SECURITY UPDATE: fix improper handling of '\0' in Common Name (CN) and
    Subject Alternative Name (SAN) in X.509 certificates (LP: #413136)
    - debian/patches/16_CVE-2009-2730.diff: verify length of CN and SAN
      are what we expect and error out if either contains an embedded \0
    - CVE-2009-2730

- 14. By Andreas Metzler <email address hidden>

  * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
    way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
  * New upstream security release.
    + libgnutls: Corrected double free on signature verification failure.
      GNUTLS-SA-2009-1 CVE-2009-1415
    + libgnutls: Fix DSA key generation. Noticed when investigating the
      previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
      2.6.x are corrupt. See the advisory for more details.
      GNUTLS-SA-2009-2 CVE-2009-1416
    + libgnutls: Check expiration/activation time on untrusted certificates.
      Before the library did not check activation/expiration times on
      certificates, and was documented as not doing so.
      GNUTLS-SA-2009-3 CVE-2009-1417
  * The former two issues only apply to gnutls 2.6.x. The latter is a
    behavior change, add a NEWS.Debian file to document it.

- 13. By Andreas Metzler <email address hidden>

  * Sync sections in debian/control with override file. libgnutls26-dbg is
    section debug, guile-gnutls is section lisp.
  * New upstream version. (Needed for Libtasn1-3 2.0)
  * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private.
  * Standards-Version: 3.8.1, no changes required.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/precise/gnutls26