Format: 1.7 Date: Fri, 20 Feb 2009 13:05:18 -0600 Source: gnutls13 Binary: libgnutls-dev libgnutlsxx13 libgnutls13 gnutls-bin gnutls-doc libgnutls13-dbg Architecture: lpia_translations lpia Version: 1.6.3-1ubuntu0.4 Distribution: gutsy Urgency: low Maintainer: Ubuntu/lpia Build Daemon Changed-By: Jamie Strandboge Description: gnutls-bin - the GNU TLS library - commandline utilities libgnutls-dev - the GNU TLS library - development files libgnutls13 - the GNU TLS library - runtime library libgnutls13-dbg - GNU TLS library - debugger symbols libgnutlsxx13 - the GNU TLS library - C++ runtime library Launchpad-Bugs-Fixed: 305264 305264 Changes: gnutls13 (1.6.3-1ubuntu0.4) gutsy-security; urgency=low . * Fix for certificate chain regressions introduced by fixes for CVE-2008-4989 * debian/patches/91_CVE-2008-4989.diff: updated to upstream's final 2.4.2 - 2.4.3 patchset for lib/x509/verify.c to fix CVE-2008-4989 and address all known regressions. To summarize from upstream: - Fix X.509 certificate chain validation error (CVE-2008-4989) - Fix chain verification for chains that end with RSA-MD2 CAs (LP: #305264) - Deprecate X.509 validation chains using MD5 and MD2 signatures - Accept chains where intermediary certs are trusted (LP: #305264) Files: 97d0d1c867dc97ef94f796ea80ecb0ea 12178 raw-translations - gnutls13_1.6.3-1ubuntu0.4_lpia_translations.tar.gz da46917c53894a89f27d10c3a1047837 393372 libdevel optional libgnutls-dev_1.6.3-1ubuntu0.4_lpia.deb 34c826fb2bc9c3bcfd6c06408e49fe95 309778 libs important libgnutls13_1.6.3-1ubuntu0.4_lpia.deb 7f2e439a14ec7aeb5780b1b77f6673e2 777980 devel extra libgnutls13-dbg_1.6.3-1ubuntu0.4_lpia.deb 7549248ee1ff0f21a4fdaa81622ccc3e 199700 net optional gnutls-bin_1.6.3-1ubuntu0.4_lpia.deb 0ca7f0d164e5032e96c63e890faef664 105194 libs optional libgnutlsxx13_1.6.3-1ubuntu0.4_lpia.deb Original-Maintainer: Debian GnuTLS Maintainers