[Bug 305264] Re: gnutls regression: failure in certificate chain validation

Launchpad Bug Tracker 305264 at bugs.launchpad.net
Thu Aug 13 18:54:50 BST 2009


This bug was fixed in the package gnutls26 - 2.4.1-1ubuntu0.3

---------------
gnutls26 (2.4.1-1ubuntu0.3) intrepid-security; urgency=low

  * Fix for certificate chain regressions introduced by fixes for
    CVE-2008-4989
  * debian/patches/20_CVE-2008-4989.diff: updated to upstream's final
    2.4.2 - 2.4.3 patchset for lib/x509/verify.c to fix CVE-2008-4989 and
    address all known regressions. To summarize from upstream:
    - Fix X.509 certificate chain validation error (CVE-2008-4989)
    - Fix chain verification for chains that end with RSA-MD2 CAs (LP: #305264)
    - Deprecate X.509 validation chains using MD5 and MD2 signatures
    - Accept chains where intermediary certs are trusted (LP: #305264)

 -- Jamie Strandboge <jamie at ubuntu.com>  Fri, 20 Feb 2009 12:24:43 -0600

** Changed in: gnutls26 (Ubuntu Intrepid)
       Status: Fix Committed => Fix Released

-- 
gnutls regression: failure in certificate chain validation
https://bugs.launchpad.net/bugs/305264
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.


