-
gnutls26 (2.8.6-1ubuntu0.1) maverick-security; urgency=low
* SECURITY UPDATE: Denial of service in client application
- debian/patches/CVE-2011-4128.patch: Fix buffer bounds check when copying
session data. Based on upstream patch.
- CVE-2011-4128
* SECURITY UPDATE: Denial of service via crafted TLS record
- debian/patches/CVE-2012-1573.patch: Validate the size of a
GenericBlockCipher structure as it is processed. Based on upstream
patch.
- CVE-2012-1573
-- Tyler Hicks <email address hidden> Wed, 04 Apr 2012 11:13:02 -0500
-
gnutls26 (2.8.6-1) unstable; urgency=low
* Use dh_lintian.
* Use dh_makeshlibs for the guile stuff, too. This gets us
a) ldconfig in postinst. Closes: #553109
and
b) a shlibs file.
However the shared objects /usr/lib/libguile-gnutls*so* are still not
designed to be used as libraries (linking) but are dlopened. guile-1.10
will address this issue by keeping this stuff in a private directory.
* hotfix pkg-config files (proper fix to be included upstream).
* Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
-- Ubuntu Archive Auto-Sync <email address hidden> Sun, 09 May 2010 13:50:55 +0100
-
gnutls26 (2.8.5-2) unstable; urgency=low
* Add a huge bunch of lintian overrides for the guile stuff to make dak
happy.
gnutls26 (2.8.5-1) unstable; urgency=low
* Add datefudge to build-depends. (Only needed for the pkcs1-pad test.)
* Switch to '3.0 (quilt)' source format, allowing us to use upstreams
orig.tar.bz2 without repacking it to gz.
* New upstream version.
+ Drop patches/20_fixtimebomb.diff.
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 18 Dec 2009 17:42:07 +0000
