Public bug reported:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
affects ubuntu/gnutls26
status new
importance wishlist
subscribe ubuntu-main-sponsors
Please sync gnutls26 2.8.3-1 (main) from Debian unstable (main).
Explanation of the Ubuntu delta and why it can be dropped:
Please sync the latest version from debian as they have updated their
package to the latest upstream release. and incorporated fix for
CVE 2009-2730 which was the only ubuntu change
Changelog since current karmic version 2.6.6-1ubuntu1:
gnutls26 (2.8.3-1) unstable; urgency=high
* New upstream version.
+ Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
was built against. Closes: #540449
+ Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
certificate name fields. Closes: #541439 GNUTLS-SA-2009-4
http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html
* Drop 15_chainverify_expiredcert.diff, included upstream.
* Urgency high, since 541439 applies to testing, too.
-- Andreas Metzler <ametz...@debian.org> Fri, 14 Aug 2009 19:14:29
+0200
gnutls26 (2.8.1-2) unstable; urgency=low
[ Simon Josefsson ]
* Remove cruft in rules file.
* Remove patches/15_tasn1inpc.diff, not needed.
[ Andreas Metzler ]
* Finally add an entry to the NEWS.Debian file concerning the deprecation of
RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578
* Upload to unstable.
* 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT.
Fix testsuite error caused by expired certificate.
-- Andreas Metzler <ametz...@debian.org> Thu, 06 Aug 2009 19:12:51
+0200
gnutls26 (2.8.1-1) experimental; urgency=low
* New upstream stable release.
-- Andreas Metzler <ametz...@debian.org> Thu, 11 Jun 2009 09:15:28
+0200
gnutls26 (2.7.14-1) experimental; urgency=low
* [debian/control] set section setting of source package to libs instead of
devel.
* New upstream version.
+ Drop debian/patches/16_symbolversioning_fix.diff, included upstream.
+ Bump shlibs, new symbols added.
-- Andreas Metzler <ametz...@debian.org> Tue, 26 May 2009 19:51:41
+0200
gnutls26 (2.7.12-1) experimental; urgency=low
* Fix typo in changelog. Closes: #526427
* New upstream release.
+ Does not ship the scripts libgnutls-extra-config and libgnutls-config
and the .m4 snippet to use it anymore. Please switch to pkg-config or
standard autoconf test. Drop manpages and
both patches/13_lessdeps_gnutls-config.diff and
patches/13_lessdeps_gnutls-config.diff from the debian diff.
+ Update remaining patches.
+ Bump shlibs, new symbols added.
* [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was
already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of
GNUTLS_2_8.
* New upstream uses separate ./configure scripts for the different
libraries. Invoke the main ./configure script with
--cache-file=$(CURDIR)/config.cache to speed things up.
-- Andreas Metzler <ametz...@debian.org> Thu, 21 May 2009 11:18:35
+0200
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFKhm+yL+KnYRaooWIRAug/AJ9/4Vngktrue5swa2MSfTXJohzqcACeO4Ng
w/bLQK3GRlu4M4fM/GMoOsE=
=5YEV
-----END PGP SIGNATURE-----
** Affects: gnutls26 (Ubuntu)
Importance: Wishlist
Status: New
--
Please sync gnutls26 2.8.3-1 (main) from Debian unstable (main).
https://bugs.launchpad.net/bugs/413956
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
