[ubuntu/wily-proposed] gnutls28 3.3.15-2ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Thu May 21 13:39:14 UTC 2015

gnutls28 (3.3.15-2ubuntu1) wily; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Make gnutls28 default.
  * Dropped patches included in new version:
    - debian/patches/CVE-2015-0294.patch
    - debian/patches/CVE-2014-8564.patch

gnutls28 (3.3.15-2) unstable; urgency=medium

  * 50_updated-sign-md5-rep-to-reduce-false-failures.patch from upstream GIT,
    fixing a testsuite error on kfreebsd-*.

gnutls28 (3.3.15-1) unstable; urgency=medium

  * New upstream stable release.
    + Fix for MD5 downgrade in TLS 1.2 signatures. [GNUTLS-SA-2015-2].

gnutls28 (3.3.14-2) unstable; urgency=medium

  * Upload to unstable.
  * Sync version of Depends and Build-Depends on libtasn1-6-dev.

gnutls28 (3.3.14-1) experimental; urgency=medium

  * New upstream version.
    + Bump libtasn b-d to >= 4.3.

gnutls28 (3.3.13-1) experimental; urgency=medium

  * New upstream version.
    + Includes fix for CVE-2015-0294, a certificate algorithm consistency
      checking issue.

gnutls28 (3.3.12-1) experimental; urgency=medium

  * New upstream version.
    + gnutls-cli-debug STARTTLS is working. Closes: #467022

gnutls28 (3.3.11-1) experimental; urgency=medium

  * New upstream version.
    + Includes fix for OCSP response parsing issue. Closes: #772055

gnutls28 (3.3.10-2) experimental; urgency=medium

  * Remove SSL 3.0 from default priorities list.
    Closes: #769904

gnutls28 (3.3.10-1) experimental; urgency=medium

  * debian/rules: fix pattern for removal (and re-generation) of autogen-ed
    manpages.
  * New upstream version.
    + Includes fix for a denial of service issue CVE-2014-8564 /
      GNUTLS-SA-2014-5.
    + When gnutls_global_init() is called for a second time, it will check
      whether the /dev/urandom fd kept is still open and matches the original
      one. That behavior works around issues with servers that close all file
      descriptors. This should take care of #760476.

gnutls28 (3.3.9-1) experimental; urgency=medium

  * New upstream version.
    + Unfuzz 20_debian_specific_soname.diff.
    + Drop 31_fallback_to_RUSAGE_SELF.diff.
    + Bump private symbol dependency info.
    + Bump dependency version of gnutls_certificate_get_issuer() and
      gnutls_x509_trust_list_get_issuer() because of newly added
      GNUTLS_TL_GET_COPY flag.

gnutls28 (3.3.8-7) unstable; urgency=medium

  * 45_eliminated-double-free.diff 46_Better-fix-for-the-double-free.diff:
    Pull two patches from upstream to a use-after-free flaw in
    gnutls_x509_ext_import_crl_dist_points(). CVE-2015-3308
    Closes: #782776

gnutls28 (3.3.8-6) unstable; urgency=medium

  * 39_check-whether-the-two-signatur.patch: Pull and unfuzz
    6e76e9b9fa845b76b0b9a45f05f4b54a052578ff from upstream GIT: On
    certificate import check whether the two signature algorithms match.
    CVE-2015-0294. Closes: #779428

gnutls28 (3.3.8-5) unstable; urgency=medium

  * Remove SSL 3.0 from default priorities list.
    Closes: #769904

gnutls28 (3.3.8-4) unstable; urgency=high

  * Drop 31_fallback_to_RUSAGE_SELF.diff.
  * 35_recheck_urandom_fd.diff: When gnutls_global_init() is called manually
    from the application check the urandom fd for validity. Closes: #768841
    and takes care of #760476.
  * 36_less_refresh-rnd-state.diff: do not explicitly refresh rnd state on
    session deinit. It is already being refreshed during the session lifetime.
  * 37_X9.63_sanity_check.diff: when exporting curve coordinates to X9.63
    format, perform additional sanity checks on input.
    CVE-2014-8564 / GNUTLS-SA-2014-5. Closes: #769154
  * 38_testforsanitycheck.diff adds a test for CVE-2014-8564. (As the test
    uses a cert in binary der-format which is not representable in a quilt
    patches and we want to limit debian.tar.xz to modify stuff in debian/ we
    have some special handling in debian/rules.)

Date: Thu, 21 May 2015 08:47:19 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/gnutls28/3.3.15-2ubuntu1
-------------- next part --------------
Format: 1.8
Date: Thu, 21 May 2015 08:47:19 -0400
Source: gnutls28
Binary: libgnutls-dev libgnutls28-dev libgnutls-deb0-28 libgnutls28-dbg gnutls-bin gnutls-doc guile-gnutls libgnutlsxx28 libgnutls-openssl27
Architecture: source
Version: 3.3.15-2ubuntu1
Distribution: wily
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
gnutls-bin - GNU TLS library - commandline utilities
gnutls-doc - GNU TLS library - documentation and examples
guile-gnutls - GNU TLS library - GNU Guile bindings
libgnutls-deb0-28 - GNU TLS library - main runtime library
libgnutls-dev - GNU TLS library - development files
libgnutls-openssl27 - GNU TLS library - OpenSSL wrapper
libgnutls28-dbg - GNU TLS library - debugger symbols
libgnutls28-dev - dummy transitional package for GNU TLS library - development file
libgnutlsxx28 - GNU TLS library - C++ runtime library
Closes: 467022 768841 769154 769904 772055 779428 782776
Checksums-Sha1:
eaa1711f631fa7e75186db4495f1db67ddfe15e4 3088 gnutls28_3.3.15-2ubuntu1.dsc
d7f66b0aeaf48ff8621cc1913230635ef672f0a4 6286288 gnutls28_3.3.15.orig.tar.xz
615a75aa36830f01ff99bb545767b83bb35b6fcc 86200 gnutls28_3.3.15-2ubuntu1.debian.tar.xz
Checksums-Sha256:
970f37e79e616724de7b231210b9387f713e876f7f5e033163e494ff6479b83b 3088 gnutls28_3.3.15-2ubuntu1.dsc
8961227852911a1974e15bc017ddbcd4779876c867226d199f06648d8b27ba4b 6286288 gnutls28_3.3.15.orig.tar.xz
a2df6cd12acbcd15e6535fc6e97705073b3177da055c8a9bd1fcae0e971b65c7 86200 gnutls28_3.3.15-2ubuntu1.debian.tar.xz
Files:
26687a4576bf0011e9c211a9740d6014 3088 libs optional gnutls28_3.3.15-2ubuntu1.dsc
03b7e282a0888a8f7620ece83d7853c6 6286288 libs optional gnutls28_3.3.15.orig.tar.xz
ec0a7c5c5d08faf3254084fed18dc085 86200 libs optional gnutls28_3.3.15-2ubuntu1.debian.tar.xz
Original-Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint at lists.alioth.debian.org>