Change logs for gnutls28 source package in Wily

  • gnutls28 (3.3.15-5ubuntu2) wily; urgency=medium
    
      * SECURITY UPDATE: Double free in certificate DN decoding
        - debian/patches/CVE-2015-6251.patch: Reset the output value on error
          in lib/x509/common.c.
        - CVE-2015-6251
    
     -- Marc Deslauriers <email address hidden>  Mon, 31 Aug 2015 14:45:42 -0400
  • gnutls28 (3.3.15-5ubuntu1) wily; urgency=medium
    
      * Merge from Debian unstable. Remaining changes:
        - Make gnutls28 default.
    
    gnutls28 (3.3.15-5) unstable; urgency=medium
    
      * Upload to unstable.
      * Downgrade nettle-dev b-d to 2.7, this upload should build correctly
        against both 2.7 and 3.x.
    
    gnutls28 (3.3.15-4) experimental; urgency=medium
    
      * 55_nettle3.patch: Use version from GnuTLS GIT gnutls_3_3_x branch, it
        allows compilation against both nettle 2.7 and 3.x.
      * Drop >= version requirements of libgnutls28-dev dependencies on nettle-dev
        and libtasn1-6-dev, the =${binary:Version} dependency of the development
        packages on the respective library packages should make this superfluous.
    
    gnutls28 (3.3.15-3) experimental; urgency=medium
    
      * Add 55_nettle3.patch from
        http://pkgs.fedoraproject.org/cgit/compat-gnutls28.git/ to allow building
        against nettle3.
    
     -- Adam Conrad <email address hidden>  Thu, 11 Jun 2015 14:47:40 -0600
  • gnutls28 (3.3.15-2ubuntu1) wily; urgency=medium
    
      * Merge from Debian unstable. Remaining changes:
        - Make gnutls28 default.
      * Dropped patches included in new version:
        - debian/patches/CVE-2015-0294.patch
        - debian/patches/CVE-2014-8564.patch
    
    gnutls28 (3.3.15-2) unstable; urgency=medium
    
      * 50_updated-sign-md5-rep-to-reduce-false-failures.patch from upstream GIT,
        fixing a testsuite error on kfreebsd-*.
    
    gnutls28 (3.3.15-1) unstable; urgency=medium
    
      * New upstream stable release.
        + Fix for MD5 downgrade in TLS 1.2 signatures. [GNUTLS-SA-2015-2].
    
    gnutls28 (3.3.14-2) unstable; urgency=medium
    
      * Upload to unstable.
      * Sync version of Depends and Build-Depends on libtasn1-6-dev.
    
    gnutls28 (3.3.14-1) experimental; urgency=medium
    
      * New upstream version.
        + Bump libtasn b-d to >= 4.3.
    
    gnutls28 (3.3.13-1) experimental; urgency=medium
    
      * New upstream version.
        + Includes fix for CVE-2015-0294, a certificate algorithm consistency
          checking issue.
    
    gnutls28 (3.3.12-1) experimental; urgency=medium
    
      * New upstream version.
        + gnutls-cli-debug STARTTLS is working. Closes: #467022
    
    gnutls28 (3.3.11-1) experimental; urgency=medium
    
      * New upstream version.
        + Includes fix for OCSP response parsing issue. Closes: #772055
    
    gnutls28 (3.3.10-2) experimental; urgency=medium
    
      * Remove SSL 3.0 from default priorities list.
        Closes: #769904
    
    gnutls28 (3.3.10-1) experimental; urgency=medium
    
      * debian/rules: fix pattern for removal (and re-generation) of autogen-ed
        manpages.
      * New upstream version.
        + Includes fix for a denial of service issue CVE-2014-8564 /
          GNUTLS-SA-2014-5.
        + When gnutls_global_init() is called for a second time, it will check
          whether the /dev/urandom fd kept is still open and matches the original
          one. That behavior works around issues with servers that close all file
          descriptors. This should take care of #760476.
    
    gnutls28 (3.3.9-1) experimental; urgency=medium
    
      * New upstream version.
        + Unfuzz 20_debian_specific_soname.diff.
        + Drop 31_fallback_to_RUSAGE_SELF.diff.
        + Bump private symbol dependency info.
        + Bump dependency version of gnutls_certificate_get_issuer() and
          gnutls_x509_trust_list_get_issuer() because of newly added
          GNUTLS_TL_GET_COPY flag.
    
    gnutls28 (3.3.8-7) unstable; urgency=medium
    
      * 45_eliminated-double-free.diff 46_Better-fix-for-the-double-free.diff:
        Pull two patches from upstream to fix a use-after-free flaw in
        gnutls_x509_ext_import_crl_dist_points(). CVE-2015-3308
        Closes: #782776
    
    gnutls28 (3.3.8-6) unstable; urgency=medium
    
      * 39_check-whether-the-two-signatur.patch: Pull and unfuzz
        6e76e9b9fa845b76b0b9a45f05f4b54a052578ff from upstream GIT: On
        certificate import check whether the two signature algorithms match.
        CVE-2015-0294. Closes: #779428
    
    gnutls28 (3.3.8-5) unstable; urgency=medium
    
      * Remove SSL 3.0 from default priorities list.
        Closes: #769904
    
    gnutls28 (3.3.8-4) unstable; urgency=high
    
      * Drop 31_fallback_to_RUSAGE_SELF.diff.
      * 35_recheck_urandom_fd.diff: When gnutls_global_init() is called manually
        from the application, check the urandom fd for validity. Closes: #768841
        and takes care of #760476.
      * 36_less_refresh-rnd-state.diff: do not explicitly refresh rnd state on
        session deinit. It is already being refreshed during the session lifetime.
      * 37_X9.63_sanity_check.diff: when exporting curve coordinates to X9.63
        format, perform additional sanity checks on input.
        CVE-2014-8564 / GNUTLS-SA-2014-5. Closes: #769154
      * 38_testforsanitycheck.diff adds a test for CVE-2014-8564. (As the test
        uses a cert in binary der-format which is not representable in a quilt
        patch and we want to limit debian.tar.xz to modify stuff in debian/ we
        have some special handling in debian/rules.)
    
     -- Marc Deslauriers <email address hidden>  Thu, 21 May 2015 08:47:19 -0400
  • gnutls28 (3.3.8-3ubuntu3) vivid; urgency=medium
    
      * SECURITY UPDATE: certificate algorithm consistency issue
        - debian/patches/CVE-2015-0294.patch: make sure the two signature
          algorithms match on cert import in lib/x509/x509.c.
        - CVE-2015-0294
    
     -- Marc Deslauriers <email address hidden>  Fri, 20 Mar 2015 08:16:02 -0400