Change log for gnutls28 package in Ubuntu
76 → 150 of 171 results | First • Previous • Next • Last |
gnutls28 (3.5.18-1ubuntu1.3) bionic-security; urgency=medium * SECURITY UPDATE: Allow re-enabling SHA1 for certificate signing with a priority string (LP: #1860656) - debian/patches/allow_broken_priority_string.patch: introduce the %VERIFY_ALLOW_BROKEN priority string option. - debian/patches/allow_sha1_priority_string.patch: introduce the %VERIFY_ALLOW_SIGN_WITH_SHA1 priority string option. -- Marc Deslauriers <email address hidden> Thu, 23 Jan 2020 08:39:38 -0500
Available diffs
gnutls28 (3.6.11.1-2ubuntu2) focal; urgency=medium * Refresh 1158.patch to the one that got merged upstream. * Import 1168.patch merge request that makes openssl-compat test suite pass against openssl compiled with SECLEVEL=2.
Available diffs
Superseded in focal-proposed |
gnutls28 (3.6.11.1-2ubuntu1) focal; urgency=medium * Import upstream pullrequest patch to allow overriding default priority string. * Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3 with medium security profile (2048 RSA keys minimum, and similar). -- Dimitri John Ledkov <email address hidden> Fri, 10 Jan 2020 00:48:29 +0000
Available diffs
gnutls28 (3.4.10-4ubuntu1.6) xenial-security; urgency=medium * SECURITY UPDATE: Mark SHA1 as insecure for certificate signing - debian/patches/insecuresha1-*.patch: backport upstream patches to allow marking SHA1 as insecure, but only for certificate signing. - debian/libgnutls30.symbols: added new symbol. -- Marc Deslauriers <email address hidden> Wed, 08 Jan 2020 12:52:12 -0500
Available diffs
gnutls28 (3.5.18-1ubuntu1.2) bionic-security; urgency=medium * SECURITY UPDATE: Mark SHA1 as insecure for certificate signing - debian/patches/insecuresha1-*.patch: backport upstream patches to allow marking SHA1 as insecure, but only for certificate signing. - debian/libgnutls30.symbols: added new symbol. -- Marc Deslauriers <email address hidden> Wed, 08 Jan 2020 10:39:00 -0500
Available diffs
gnutls28 (3.6.11.1-2) unstable; urgency=low * Use dh 12 compat level. + Install gtk-doc files from as-installed location instead of builddir to avoid dh_missing warnings. * List *.la files in debian/not-installed. * Upload to unstable. -- Andreas Metzler <email address hidden> Sat, 14 Dec 2019 18:07:49 +0100
Available diffs
- diff from 3.6.10-5 to 3.6.11.1-2 (307.1 KiB)
gnutls28 (3.6.10-5) unstable; urgency=medium * 50_01-guile-Do-not-attempt-to-load-shared-object-when-cros.patch 50_02-guile-Silence-auto-compilation-warning-for-guild.patch from upstream GIT master: Fix crossbuild error. (Thanks, Ludovic Courtès!) Closes: #943905 -- Andreas Metzler <email address hidden> Sat, 16 Nov 2019 18:41:44 +0100
Available diffs
- diff from 3.6.9-5ubuntu2 (in Ubuntu) to 3.6.10-5 (380.7 KiB)
- diff from 3.6.10-4 to 3.6.10-5 (2.0 KiB)
gnutls28 (3.6.10-4) unstable; urgency=medium * Add support for noguile build profile. See #943905. -- Andreas Metzler <email address hidden> Sat, 02 Nov 2019 06:30:43 +0100
Available diffs
- diff from 3.6.9-5ubuntu2 (in Ubuntu) to 3.6.10-4 (379.1 KiB)
gnutls28 (3.6.9-5ubuntu2) focal; urgency=medium * No-change rebuild against libnettle7 -- Steve Langasek <email address hidden> Thu, 31 Oct 2019 22:11:03 +0000
Available diffs
- diff from 3.6.9-5ubuntu1 to 3.6.9-5ubuntu2 (337 bytes)
Superseded in focal-release |
Obsolete in eoan-release |
Deleted in eoan-proposed (Reason: moved to Release) |
gnutls28 (3.6.9-5ubuntu1) eoan; urgency=medium * Build-depend on texlive-plain-generic instead of obsolete texlive- generic-recommended. -- Steve Langasek <email address hidden> Tue, 01 Oct 2019 13:25:29 -0700
Available diffs
- diff from 3.6.9-5 (in Debian) to 3.6.9-5ubuntu1 (772 bytes)
gnutls28 (3.6.9-5) unstable; urgency=medium * 40_gnutls_epoch_set_keys-do-not-forbid-random-padding-.patch from upstream GIT master: Fix interop problems with gnutls 2.x. Closes: #933538 -- Andreas Metzler <email address hidden> Sat, 14 Sep 2019 13:38:41 +0200
Available diffs
gnutls28 (3.6.9-4build1) eoan; urgency=medium * No-change upload with strops.h and sys/strops.h removed in glibc. -- Matthias Klose <email address hidden> Thu, 05 Sep 2019 10:50:47 +0000
Available diffs
- diff from 3.6.9-4 (in Debian) to 3.6.9-4build1 (351 bytes)
gnutls28 (3.6.9-4) unstable; urgency=medium * i386-fix-wrong-reloc.patch: Fix bad relocations on i386 due to broken assembly code. (Thanks, Steve Langasek for report and patch!) Closes: #934193 -- Andreas Metzler <email address hidden> Thu, 08 Aug 2019 19:40:21 +0200
Available diffs
- diff from 3.6.9-3ubuntu1 (in Ubuntu) to 3.6.9-4 (773 bytes)
gnutls28 (3.6.9-3ubuntu1) eoan; urgency=medium * debian/patches/i386-fix-wrong-reloc.patch: fix relocation problem on i386. -- Steve Langasek <email address hidden> Wed, 07 Aug 2019 18:04:43 -0700
Available diffs
gnutls28 (3.6.9-3) unstable; urgency=medium * autopkgtest: Skip system-override-sig-hash.sh. -- Andreas Metzler <email address hidden> Sat, 03 Aug 2019 06:48:46 +0200
Available diffs
- diff from 3.6.9-2 to 3.6.9-3 (545 bytes)
gnutls28 (3.6.9-2) unstable; urgency=medium * Upload to unstable. -- Andreas Metzler <email address hidden> Fri, 02 Aug 2019 19:12:42 +0200
Available diffs
- diff from 3.6.8-2 to 3.6.9-2 (697.9 KiB)
gnutls28 (3.6.8-2) unstable; urgency=low * Use DH 11 compat again. * 3.6.8 builds with gcc-9. Closes: #925701 * Fix autopkgtest on 32bit architectures. (Bug report and patch by Julian Andres Klode) Closes: #930541 See also https://gitlab.com/gnutls/gnutls/merge_requests/986 * Upload to unstable. -- Andreas Metzler <email address hidden> Sat, 06 Jul 2019 14:10:29 +0200
Available diffs
- diff from 3.6.7-4ubuntu1 (in Ubuntu) to 3.6.8-2 (389.3 KiB)
gnutls28 (3.6.7-4ubuntu1) eoan; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/add-openssl-test-link.patch: add link for libssl - set ac_cv_sizeof_time_t debian/tests/run-upstream-testsuite instead of letting it be assumed * Dropped changes, years old, never upstreamed, and presumed obsolete: - debian/patches/disable_global_init_override_test.patch: disable failing test.
Available diffs
gnutls28 (3.4.10-4ubuntu1.5) xenial-security; urgency=medium * SECURITY UPDATE: Lucky-13 issues - debian/patches/CVE-2018-1084x-1.patch: correctly account the length field in SHA384 HMAC in lib/algorithms/mac.c, lib/gnutls_cipher.c. - debian/patches/CVE-2018-1084x-2.patch: always hash the same amount of blocks that would have been on minimum pad in lib/gnutls_cipher.c. - debian/patches/CVE-2018-1084x-3.patch: require minimum padding under SSL3.0 in lib/gnutls_cipher.c. - debian/patches/CVE-2018-1084x-4.patch: hmac-sha384 and sha256 ciphersuites were removed from defaults in lib/gnutls_priority.c, tests/priorities.c. - debian/patches/CVE-2018-1084x-5.patch: fix test for SHA512 in tests/pkcs12_encode.c. - CVE-2018-10844 - CVE-2018-10845 - CVE-2018-10846 -- Marc Deslauriers <email address hidden> Tue, 28 May 2019 13:32:56 -0400
Available diffs
gnutls28 (3.5.18-1ubuntu1.1) bionic-security; urgency=medium * SECURITY UPDATE: Lucky-13 issues - debian/patches/CVE-2018-1084x-1.patch: correctly account the length field in SHA384 HMAC in lib/algorithms/mac.c, lib/cipher.c. - debian/patches/CVE-2018-1084x-2.patch: always hash the same amount of blocks that would have been on minimum pad in lib/cipher.c. - debian/patches/CVE-2018-1084x-3.patch: require minimum padding under SSL3.0 in lib/cipher.c. - debian/patches/CVE-2018-1084x-4.patch: hmac-sha384 and sha256 ciphersuites were removed from defaults in lib/priority.c, tests/dtls1-2-mtu-check.c, tests/priorities.c. - debian/patches/CVE-2018-1084x-5.patch: fix test for SHA512 in tests/pkcs12_encode.c. - CVE-2018-10844 - CVE-2018-10845 - CVE-2018-10846 * SECURITY UPDATE: double free in cert verification API - debian/patches/CVE-2019-3829-1.patch: automatically NULLify after gnutls_free() in lib/includes/gnutls/gnutls.h.in. - debian/patches/CVE-2019-3829-2.patch: fix some casts in lib/extensions.c. - debian/patches/CVE-2019-3829-3.patch: fix dereference of NULL pointer in lib/x509/x509.c. - CVE-2019-3829 -- Marc Deslauriers <email address hidden> Tue, 28 May 2019 13:18:12 -0400
Available diffs
gnutls28 (3.6.4-2ubuntu1.2) cosmic-security; urgency=medium * SECURITY UPDATE: double free in cert verification API - debian/patches/CVE-2019-3829-1.patch: automatically NULLify after gnutls_free() in lib/includes/gnutls/gnutls.h.in. - debian/patches/CVE-2019-3829-2.patch: remove redundant resets of variables after free(). - debian/patches/CVE-2019-3829-3.patch: fix dereference of NULL pointer in lib/x509/x509.c. - CVE-2019-3829 * SECURITY UPDATE: uninitialized pointer access - debian/patches/CVE-2019-3836.patch: add missing initialization of local variable in lib/handshake-tls13.c. - CVE-2019-3836 -- Marc Deslauriers <email address hidden> Tue, 28 May 2019 13:14:35 -0400
gnutls28 (3.6.5-2ubuntu1.1) disco-security; urgency=medium * SECURITY UPDATE: double free in cert verification API - debian/patches/CVE-2019-3829-1.patch: automatically NULLify after gnutls_free() in lib/includes/gnutls/gnutls.h.in. - debian/patches/CVE-2019-3829-2.patch: remove redundant resets of variables after free(). - debian/patches/CVE-2019-3829-3.patch: fix dereference of NULL pointer in lib/x509/x509.c. - CVE-2019-3829 * SECURITY UPDATE: uninitialized pointer access - debian/patches/CVE-2019-3836.patch: add missing initialization of local variable in lib/handshake-tls13.c. - CVE-2019-3836 -- Marc Deslauriers <email address hidden> Tue, 28 May 2019 13:00:08 -0400
Available diffs
gnutls28 (3.6.7-3ubuntu1) eoan; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/disable_global_init_override_test.patch: disable failing test. - debian/patches/add-openssl-test-link.patch: add link for libssl - set ac_cv_sizeof_time_t debian/tests/run-upstream-testsuite instead of letting it be assumed
Available diffs
- diff from 3.6.7-2ubuntu3 to 3.6.7-3ubuntu1 (826 bytes)
gnutls28 (3.6.7-2ubuntu3) eoan; urgency=medium * Revert previous upload, move setting of ac_cv_sizeof_time_t to debian/tests/run-upstream-testsuite. -- Julian Andres Klode <email address hidden> Mon, 29 Apr 2019 17:21:07 +0200
Available diffs
- diff from 3.6.5-2ubuntu1 to 3.6.7-2ubuntu3 (1.0 MiB)
- diff from 3.6.7-2ubuntu2 to 3.6.7-2ubuntu3 (1.3 KiB)
Superseded in eoan-proposed |
gnutls28 (3.6.7-2ubuntu2) eoan; urgency=medium * tests-cert-tests-crl-Try-to-infer-64-bit-time-using-.patch: Try to figure out if we have a 64-bit timestamp using date(1), rather than just assuming it for out-of-tree tests. -- Julian Andres Klode <email address hidden> Mon, 29 Apr 2019 12:29:03 +0200
Available diffs
Superseded in eoan-proposed |
gnutls28 (3.6.7-2ubuntu1) eoan; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/disable_global_init_override_test.patch: disable failing test. - debian/patches/add-openssl-test-link.patch: add link for libssl
Available diffs
gnutls28 (3.6.4-2ubuntu1.1) cosmic; urgency=medium * gnutls-3.6.4-fix-rehandshake.patch: Fix rehandshake breaking glib stuff (LP: #1804673) -- Julian Andres Klode <email address hidden> Mon, 21 Jan 2019 08:56:16 +0100
Available diffs
Superseded in eoan-release |
Obsolete in disco-release |
Deleted in disco-proposed (Reason: moved to release) |
gnutls28 (3.6.5-2ubuntu1) disco; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/disable_global_init_override_test.patch: disable failing test. - debian/patches/add-openssl-test-link.patch: add link for libssl * this is a new upstream release including a fix for LP: #1804673
Available diffs
- diff from 3.6.4-2ubuntu2 to 3.6.5-2ubuntu1 (600.9 KiB)
gnutls28 (3.6.4-2ubuntu2) disco; urgency=medium * No-change rebuild against libunbound8 -- Steve Langasek <email address hidden> Sun, 11 Nov 2018 09:01:12 +0000
Available diffs
Superseded in disco-release |
Obsolete in cosmic-release |
Deleted in cosmic-proposed (Reason: moved to release) |
gnutls28 (3.6.4-2ubuntu1) cosmic; urgency=medium * Merge from Debian unstable. Remaining changes: - debian/patches/disable_global_init_override_test.patch: disable failing test. - debian/patches/add-openssl-test-link.patch: add link for libssl * 0001-Skip-tests-tls13-prf.c-if-visibility-protected-doesn.patch: cherrypick upstream patch to fix test-suite with symbolic-functions * This upstream release includes TLS 1.3 support.
Available diffs
gnutls28 (3.5.19-1ubuntu1) cosmic; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/disable_global_init_override_test.patch: disable failing test. - debian/patches/add-openssl-test-link.patch: add link for libssl
Available diffs
- diff from 3.5.18-1ubuntu1 to 3.5.19-1ubuntu1 (132.0 KiB)
gnutls28 (3.2.11-2ubuntu1.2) trusty; urgency=medium * debian/patches/check_same_certificate_not_only_issuer.patch: when verifying, check for the same certificate in the trusted list, not only the issuer. * debian/patches/compare_ca_name_and_key.patch: when comparing a CA certificate with the trusted list, compare the name and key. (LP: #1722411) -- Anders Kaseorg <email address hidden> Wed, 17 Jan 2018 16:23:47 -0500
Available diffs
Superseded in cosmic-release |
Published in bionic-release |
Deleted in bionic-proposed (Reason: moved to release) |
gnutls28 (3.5.18-1ubuntu1) bionic; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/disable_global_init_override_test.patch: disable failing test. - debian/patches/add-openssl-test-link.patch: add link for libssl
Available diffs
- diff from 3.5.17-1ubuntu3 to 3.5.18-1ubuntu1 (20.2 KiB)
gnutls28 (3.5.17-1ubuntu3) bionic; urgency=medium * Rebuild against new libunistring 0.9.9. -- Gianfranco Costamagna <email address hidden> Sun, 04 Mar 2018 09:24:47 +0100
Available diffs
Superseded in bionic-proposed |
gnutls28 (3.5.17-1ubuntu2) bionic; urgency=medium * Stop building with --with-included-unistring now that we get a new unistring -- Julian Andres Klode <email address hidden> Tue, 13 Feb 2018 16:14:36 +0100
Available diffs
gnutls28 (3.5.17-1ubuntu1) bionic; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/disable_global_init_override_test.patch: disable failing test. - debian/patches/add-openssl-test-link.patch: add link for libssl * Build with --with-included-unistring for now as our libunistring is too old and needs a transition.
Available diffs
- diff from 3.5.8-6ubuntu3 to 3.5.17-1ubuntu1 (578.5 KiB)
gnutls28 (3.5.6-4ubuntu4.3) zesty; urgency=medium * Cherry pick several fixes from Debian 3.5.8-5+deb9u3: - 38_01-OCSP-check-the-subject-public-key-identifier-field-t.patch 38_02-OCSP-find_signercert-improved-DER-length-calculation.patch from gnutls 3.5.14: Fix OCSP verification errors, especially with ecdsa signatures. LP: #1714506 - 37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch from upstream 3.5.x branch: Fix breakage if AES-GCM in-place encryption and decryption on aarch64. LP: #1707172 -- Julian Andres Klode <email address hidden> Sat, 02 Sep 2017 16:12:49 +0200
Available diffs
Superseded in bionic-release |
Obsolete in artful-release |
Deleted in artful-proposed (Reason: moved to release) |
gnutls28 (3.5.8-6ubuntu3) artful; urgency=medium * Cherry pick several fixes from Debian 3.5.8-5+deb9u3: - 38_01-OCSP-check-the-subject-public-key-identifier-field-t.patch 38_02-OCSP-find_signercert-improved-DER-length-calculation.patch from gnutls 3.5.14: Fix OCSP verification errors, especially with ecdsa signatures. LP: #1714506 - 37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch from upstream 3.5.x branch: Fix breakage if AES-GCM in-place encryption and decryption on aarch64. LP: #1707172 -- Julian Andres Klode <email address hidden> Sat, 02 Sep 2017 16:12:49 +0200
Available diffs
gnutls28 (3.4.10-4ubuntu1.4) xenial; urgency=medium * use_normal_priority_for_openssl_sslv23.diff by Andreas Metzler: OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority, which includes TLS1.2 support. (LP: #1709193) -- Simon Deziel <email address hidden> Mon, 07 Aug 2017 23:04:43 +0000
gnutls28 (3.5.6-4ubuntu4.2) zesty; urgency=medium * use_normal_priority_for_openssl_sslv23.diff by Andreas Metzler: OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority, which includes TLS1.2 support. (LP: #1709193) -- Simon Deziel <email address hidden> Thu, 10 Aug 2017 12:47:14 +0000
Available diffs
gnutls28 (3.5.8-6ubuntu2) artful; urgency=medium * use_normal_priority_for_openssl_sslv23.diff by Andreas Metzler: OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority, which includes TLS1.2 support. (LP: #1709193) -- Simon Deziel <email address hidden> Thu, 10 Aug 2017 00:34:06 +0000
Available diffs
gnutls28 (3.5.8-6ubuntu1) artful; urgency=medium * Merge with Debian. Remaining changes: - debian/patches/disable_global_init_override_test.patch: disable failing test. - debian/patches/add-openssl-test-link.patch: add link for libssl
Available diffs
gnutls28 (3.4.10-4ubuntu1.3) xenial-security; urgency=medium * SECURITY UPDATE: null pointer dereference via status response TLS extension decoding - debian/patches/CVE-2017-7507-1.patch: ensure response IDs are properly deinitialized in lib/ext/status_request.c. - debian/patches/CVE-2017-7507-2.patch: remove parsing of responder IDs from client extension in lib/ext/status_request.c. - debian/patches/CVE-2017-7507-3.patch: documented requirements for parameters in lib/ext/status_request.c. - CVE-2017-7507 * SECURITY UPDATE: DoS and possible code execution via OpenPGP certificate decoding - debian/patches/CVE-2017-7869.patch: enforce packet limits in lib/opencdk/read-packet.c. - CVE-2017-7869 -- Marc Deslauriers <email address hidden> Mon, 12 Jun 2017 09:32:37 -0400
Available diffs
gnutls28 (3.5.6-4ubuntu4.1) zesty-security; urgency=medium * SECURITY UPDATE: null pointer dereference via status response TLS extension decoding - debian/patches/CVE-2017-7507-1.patch: ensure response IDs are properly deinitialized in lib/ext/status_request.c. - debian/patches/CVE-2017-7507-2.patch: remove parsing of responder IDs from client extension in lib/ext/status_request.c. - debian/patches/CVE-2017-7507-3.patch: documented requirements for parameters in lib/ext/status_request.c. - CVE-2017-7507 * SECURITY UPDATE: DoS and possible code execution via OpenPGP certificate decoding - debian/patches/CVE-2017-7869.patch: enforce packet limits in lib/opencdk/read-packet.c. - CVE-2017-7869 -- Marc Deslauriers <email address hidden> Mon, 12 Jun 2017 09:26:39 -0400
Available diffs
gnutls28 (3.5.3-5ubuntu1.2) yakkety-security; urgency=medium * SECURITY UPDATE: null pointer dereference via status response TLS extension decoding - debian/patches/CVE-2017-7507-1.patch: ensure response IDs are properly deinitialized in lib/ext/status_request.c. - debian/patches/CVE-2017-7507-2.patch: remove parsing of responder IDs from client extension in lib/ext/status_request.c. - debian/patches/CVE-2017-7507-3.patch: documented requirements for parameters in lib/ext/status_request.c. - CVE-2017-7507 * SECURITY UPDATE: DoS and possible code execution via OpenPGP certificate decoding - debian/patches/CVE-2017-7869.patch: enforce packet limits in lib/opencdk/read-packet.c. - CVE-2017-7869 -- Marc Deslauriers <email address hidden> Mon, 12 Jun 2017 09:31:08 -0400
Available diffs
gnutls28 (3.5.8-5ubuntu1) artful; urgency=medium * Merge with Debian. Remaining changes: - debian/patches/disable_global_init_override_test.patch: disable failing test. - debian/patches/add-openssl-test-link.patch: add link for libssl
Available diffs
- diff from 3.5.6-4ubuntu4 to 3.5.8-5ubuntu1 (909.5 KiB)
Superseded in artful-release |
Obsolete in zesty-release |
Deleted in zesty-proposed (Reason: moved to release) |
gnutls28 (3.5.6-4ubuntu4) zesty; urgency=medium * Fix FTBFS because of failing test (LP: #1679868) - debian/patches/fix_tests_timezone.patch: address test suite failure due to timezone differences in tests/cert-tests/pkcs7. -- Marc Deslauriers <email address hidden> Wed, 05 Apr 2017 10:06:24 -0400
Available diffs
gnutls28 (3.5.6-4ubuntu3) zesty; urgency=medium * SECURITY UPDATE: double-free when reading proxy language - debian/patches/CVE-2017-5334.patch: fix double-free in lib/x509/x509_ext.c. - CVE-2017-5334 * SECURITY UPDATE: out of memory error in stream reading functions - debian/patches/CVE-2017-5335.patch: add error checking to lib/opencdk/read-packet.c. - CVE-2017-5335 * SECURITY UPDATE: stack overflow in cdk_pk_get_keyid - debian/patches/CVE-2017-5336.patch: check return code in lib/opencdk/pubkey.c. - CVE-2017-5336 * SECURITY UPDATE: heap read overflow when reading streams - debian/patches/CVE-2017-5337.patch: add more precise checks to lib/opencdk/read-packet.c. - CVE-2017-5337 -- Marc Deslauriers <email address hidden> Wed, 01 Feb 2017 14:21:40 -0500
Available diffs
gnutls28 (3.4.10-4ubuntu1.2) xenial-security; urgency=medium * SECURITY UPDATE: OCSP validation issue - debian/patches/CVE-2016-7444.patch: correctly verify the serial length in lib/x509/ocsp.c. - CVE-2016-7444 * SECURITY UPDATE: denial of service via warning alerts - debian/patches/CVE-2016-8610.patch: set a maximum number of warning messages in lib/gnutls_int.h, lib/gnutls_handshake.c, lib/gnutls_state.c. - CVE-2016-8610 * SECURITY UPDATE: double-free when reading proxy language - debian/patches/CVE-2017-5334.patch: fix double-free in lib/x509/x509_ext.c. - CVE-2017-5334 * SECURITY UPDATE: out of memory error in stream reading functions - debian/patches/CVE-2017-5335.patch: add error checking to lib/opencdk/read-packet.c. - CVE-2017-5335 * SECURITY UPDATE: stack overflow in cdk_pk_get_keyid - debian/patches/CVE-2017-5336.patch: check return code in lib/opencdk/pubkey.c. - CVE-2017-5336 * SECURITY UPDATE: heap read overflow when reading streams - debian/patches/CVE-2017-5337.patch: add more precise checks to lib/opencdk/read-packet.c. - CVE-2017-5337 * debian/patches/fix_expired_certs.patch: use datefudge to fix test with expired certs. -- Marc Deslauriers <email address hidden> Thu, 26 Jan 2017 10:14:03 -0500
Available diffs
gnutls28 (3.5.3-5ubuntu1.1) yakkety-security; urgency=medium * SECURITY UPDATE: denial of service via warning alerts - debian/patches/CVE-2016-8610.patch: set a maximum number of warning messages in lib/gnutls_int.h, lib/handshake.c, lib/state.c. - CVE-2016-8610 * SECURITY UPDATE: double-free when reading proxy language - debian/patches/CVE-2017-5334.patch: fix double-free in lib/x509/x509_ext.c. - CVE-2017-5334 * SECURITY UPDATE: out of memory error in stream reading functions - debian/patches/CVE-2017-5335.patch: add error checking to lib/opencdk/read-packet.c. - CVE-2017-5335 * SECURITY UPDATE: stack overflow in cdk_pk_get_keyid - debian/patches/CVE-2017-5336.patch: check return code in lib/opencdk/pubkey.c. - CVE-2017-5336 * SECURITY UPDATE: heap read overflow when reading streams - debian/patches/CVE-2017-5337.patch: add more precise checks to lib/opencdk/read-packet.c. - CVE-2017-5337 -- Marc Deslauriers <email address hidden> Thu, 26 Jan 2017 08:24:51 -0500
Available diffs
gnutls28 (3.5.6-4ubuntu2) zesty; urgency=medium * d/p/dname-api-*.patch fix gnutls api breakage on dname order in gnutls 3.5.6 (LP: #1641615) - d/libgnutls30.symbols add new symbols added by the upstream fix -- Christian Ehrhardt <email address hidden> Thu, 17 Nov 2016 08:39:43 +0100
Available diffs
- diff from 3.5.6-4ubuntu1 to 3.5.6-4ubuntu2 (22.9 KiB)
gnutls28 (3.5.6-4ubuntu1) zesty; urgency=medium * Merge with Debian. Remaining changes: - debian/patches/disable_global_init_override_test.patch: disable failing test. - debian/patches/add-openssl-test-link.patch: add link for libssl * New upstream version avoids getrandom() at initialization which caused NetworkManager to hang at boot. (LP: #1622893)
Available diffs
- diff from 3.5.3-5ubuntu1 to 3.5.6-4ubuntu1 (932.1 KiB)
Superseded in zesty-release |
Obsolete in yakkety-release |
Deleted in yakkety-proposed (Reason: moved to release) |
gnutls28 (3.5.3-5ubuntu1) yakkety; urgency=medium * Merge with Debian (LP: #1624856). Remaining changes: - debian/patches/disable_global_init_override_test.patch: disable failing test. - debian/patches/add-openssl-test-link.patch: add link for libssl
Available diffs
gnutls28 (3.5.3-4ubuntu1) yakkety; urgency=medium * Merge with Debian; remaining changes: - debian/patches/disable_global_init_override_test.patch: disable failing test. - debian/patches/add-openssl-test-link.patch: add link for libssl
Available diffs
gnutls28 (3.5.3-3ubuntu1) yakkety; urgency=medium * Merge with Debian; remaining changes:
Available diffs
- diff from 3.5.2-2ubuntu4 to 3.5.3-3ubuntu1 (835.3 KiB)
gnutls28 (3.5.2-2ubuntu4) yakkety; urgency=medium * Revert the last change, fail again on failed tests. -- Matthias Klose <email address hidden> Thu, 11 Aug 2016 17:15:26 +0200
Available diffs
- diff from 3.4.14-1ubuntu1 to 3.5.2-2ubuntu4 (2.3 MiB)
- diff from 3.5.2-2ubuntu3 to 3.5.2-2ubuntu4 (489 bytes)
Superseded in yakkety-proposed |
gnutls28 (3.5.2-2ubuntu3) yakkety; urgency=medium * Ignore the test results for a first build. -- Matthias Klose <email address hidden> Thu, 11 Aug 2016 15:22:38 +0200
Available diffs
- diff from 3.5.2-2ubuntu2 to 3.5.2-2ubuntu3 (409 bytes)
Superseded in yakkety-proposed |
gnutls28 (3.5.2-2ubuntu2) yakkety; urgency=medium * Ignore the test results for a first build. -- Matthias Klose <email address hidden> Thu, 11 Aug 2016 15:22:38 +0200
Available diffs
- diff from 3.5.2-2ubuntu1 to 3.5.2-2ubuntu2 (350 bytes)
Superseded in yakkety-proposed |
gnutls28 (3.5.2-2ubuntu1) yakkety; urgency=low * Merge from Debian unstable (LP: #1608129). Remaining changes: - debian/patches/disable_global_init_override_test.patch: disable failing test. - debian/patches/add-openssl-test-link.patch: add link for libssl
Available diffs
gnutls28 (3.4.14-1ubuntu1) yakkety; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/disable_global_init_override_test.patch: disable failing test. * Drop rename from libgnutls28-dev to libgnutls-dev. No sign that Debian is ever going to make this change, and only 14 packages build-depend on libgnutls-dev in Ubuntu, so this is an unnecessary delta.
Available diffs
gnutls28 (3.4.14-1) unstable; urgency=medium * Also mark b-d on net-tools/freebsd-net-tools as optional via the <!nocheck> profile. (Thanks, Steven Chamberlain for bug-report and patch). Closes: #826693 * New upstream bugfix release. This includes the following fix: + libgnutls: Address issue when utilizing the p11-kit trust store for certificate verification (GNUTLS-SA-2016-2). The issue is not relevant for the Debian binary packages, since we do not build with --with-default-trust-store-pkcs11=. -- Andreas Metzler <email address hidden> Sat, 09 Jul 2016 14:01:05 +0200
Available diffs
gnutls28 (3.4.10-4ubuntu1.1) xenial-proposed; urgency=medium * SRU: LP: #1592693. * gnutls-doc: Don't install the sgml files, not building with gtk-doc-tools in xenial. -- Matthias Klose <email address hidden> Wed, 15 Jun 2016 10:00:17 +0200
Available diffs
- diff from 3.4.10-4ubuntu1 to 3.4.10-4ubuntu1.1 (515 bytes)
gnutls28 (3.4.11-4ubuntu1) yakkety; urgency=medium * Merge with Debian; remaining changes: - Make gnutls28 default. - debian/patches/disable_global_init_override_test.patch: disable failing test.
Available diffs
- diff from 3.4.10-4ubuntu1 to 3.4.11-4ubuntu1 (144.3 KiB)
Superseded in yakkety-release |
Published in xenial-release |
Deleted in xenial-proposed (Reason: moved to release) |
gnutls28 (3.4.10-4ubuntu1) xenial; urgency=medium * Merge with Debian; remaining changes: - Make gnutls28 default. - debian/patches/disable_global_init_override_test.patch: disable failing test.
Available diffs
- diff from 3.4.9-2ubuntu1 to 3.4.10-4ubuntu1 (198.3 KiB)
gnutls28 (3.4.9-2ubuntu1) xenial; urgency=medium * Merge with Debian; remaining changes:
Available diffs
gnutls28 (3.3.20-1ubuntu1) xenial; urgency=medium * Merge from Debian unstable. Remaining changes: - Make gnutls28 default. * debian/patches/disable_global_init_override_test.patch: disable failing test.
Available diffs
- diff from 3.4.10-4ubuntu1 to 3.3.20-1ubuntu1 (2.0 MiB)
- diff from 3.3.18-1ubuntu1 to 3.3.20-1ubuntu1 (156.0 KiB)
gnutls28 (3.3.8-3ubuntu3.2) vivid-security; urgency=medium * SECURITY UPDATE: incorrect RSA+MD5 support with TLS 1.2 - debian/patches/CVE-2015-7575.patch: properly set value in auth/cert.c, do not consider any values from the extension data to decide acceptable algorithms in lib/ext/signature.c, added test to tests/Makefile.am, tests/sign-md5-rep.c. - CVE-2015-7575 -- Marc Deslauriers <email address hidden> Thu, 07 Jan 2016 10:34:56 -0500
Available diffs
gnutls28 (3.3.18-1ubuntu1) xenial; urgency=medium * Merge from Debian unstable. Remaining changes: - Make gnutls28 default.
Available diffs
- diff from 3.3.15-5ubuntu2 to 3.3.18-1ubuntu1 (332.0 KiB)
Superseded in xenial-release |
Obsolete in wily-release |
Deleted in wily-proposed (Reason: moved to release) |
gnutls28 (3.3.15-5ubuntu2) wily; urgency=medium * SECURITY UPDATE: Double free in certificate DN decoding - debian/patches/CVE-2015-6251.patch: Reset the output value on error in lib/x509/common.c. - CVE-2015-6251 -- Marc Deslauriers <email address hidden> Mon, 31 Aug 2015 14:45:42 -0400
Available diffs
- diff from 3.4.10-4ubuntu1 to 3.3.15-5ubuntu2 (2.1 MiB)
- diff from 3.3.15-5ubuntu1 to 3.3.15-5ubuntu2 (934 bytes)
gnutls28 (3.3.8-3ubuntu3.1) vivid-security; urgency=medium * SECURITY UPDATE: Double free in parsing of dist points - debian/patches/CVE-2015-3308.patch: clear san.data and san.size in lib/x509/x509_ext.c. - CVE-2015-3308 * SECURITY UPDATE: Double free in certificate DN decoding - debian/patches/CVE-2015-6251.patch: Reset the output value on error in lib/x509/common.c. - CVE-2015-6251 -- Marc Deslauriers <email address hidden> Mon, 31 Aug 2015 14:49:12 -0400
Available diffs
gnutls28 (3.3.15-5ubuntu1) wily; urgency=medium * Merge from Debian unstable. Remaining changes: - Make gnutls28 default.
Available diffs
gnutls28 (3.0.11-1ubuntu2.1) precise-security; urgency=medium * SECURITY UPDATE: Denial of service and possible remote arbitrary code execution via crafted ServerHello message - debian/patches/21_CVE-2014-3466.patch: Add upper bounds check for session id size. Based on upstream patch. (LP: #1326779) -- Tyler Hicks <email address hidden> Thu, 11 Jun 2015 10:51:35 -0500
Available diffs
gnutls28 (3.2.11-2ubuntu1.1) trusty-security; urgency=medium [ Gianfranco Costamagna ] * SECURITY UPDATE: Denial of service and possible remote arbitrary code execution via crafted ServerHello message - debian/patches/21_CVE-2014-3466.patch: Add upper bounds check for session id size. Based on upstream patch. (LP: #1326779) [ Tyler Hicks ] * debian/patches/21_CVE-2014-3466.patch: Fold in the test for CVE-2014-3466's fix. Based on upstream patch. -- Tyler Hicks <email address hidden> Thu, 11 Jun 2015 10:42:35 -0500
Available diffs
gnutls28 (3.3.15-2ubuntu1) wily; urgency=medium * Merge from Debian unstable. Remaining changes: - Make gnutls28 default. * Dropped patches included in new version: - debian/patches/CVE-2015-0294.patch - debian/patches/CVE-2014-8564.patch
Available diffs
- diff from 3.3.8-3ubuntu3 to 3.3.15-2ubuntu1 (594.1 KiB)
Superseded in wily-release |
Obsolete in vivid-release |
Deleted in vivid-proposed (Reason: moved to release) |
gnutls28 (3.3.8-3ubuntu3) vivid; urgency=medium * SECURITY UPDATE: certificate algorithm consistency issue - debian/patches/CVE-2015-0294.patch: make sure the two signature algorithms match on cert import in lib/x509/x509.c. - CVE-2015-0294 -- Marc Deslauriers <email address hidden> Fri, 20 Mar 2015 08:16:02 -0400
Available diffs
76 → 150 of 171 results | First • Previous • Next • Last |