Accepted gnutls26 2.6.6-1 (source all i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 30 Apr 2009 19:00:21 +0200
Source: gnutls26
Binary: libgnutls-dev libgnutls26 libgnutls26-dbg gnutls-bin gnutls-doc guile-gnutls
Architecture: source all i386
Version: 2.6.6-1
Distribution: unstable
Urgency: high
Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Description:
gnutls-bin - the GNU TLS library - commandline utilities
gnutls-doc - the GNU TLS library - documentation and examples
guile-gnutls - the GNU TLS library - GNU Guile bindings
libgnutls-dev - the GNU TLS library - development files
libgnutls26 - the GNU TLS library - runtime library
libgnutls26-dbg - GNU TLS library - debugger symbols
Changes:
gnutls26 (2.6.6-1) unstable; urgency=high
.
* use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
* New upstream security release.
+ libgnutls: Corrected double free on signature verification failure.
GNUTLS-SA-2009-1 CVE-2009-1415
+ libgnutls: Fix DSA key generation. Noticed when investigating the
previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
2.6.x are corrupt. See the advisory for more details.
GNUTLS-SA-2009-2 CVE-2009-1416
+ libgnutls: Check expiration/activation time on untrusted certificates.
Before the library did not check activation/expiration times on
certificates, and was documented as not doing so.
GNUTLS-SA-2009-3 CVE-2009-1417
* The former two issues only apply to gnutls 2.6.x. The latter is a
brehavior change, add a NEWS.Debian file to document it.
Checksums-Sha1:
bb787b6f5cf0423d613b0812545fd3f494ab0fd4 1576 gnutls26_2.6.6-1.dsc
9a46b2679ab43cf02b9d9ac7477720dc874fc008 6160645 gnutls26_2.6.6.orig.tar.gz
0955931bb300f0a8f1a6ede1e82c9cd2a788c4e7 16679 gnutls26_2.6.6-1.diff.gz
bfbe2180b044412467bcdccd4ae4fa871ea0a6d9 2841818 gnutls-doc_2.6.6-1_all.deb
6b1dafb20cb58c67f6b49ed48c044615ea77106b 551362 libgnutls-dev_2.6.6-1_i386.deb
4fedc0be58e1b65fbb7d808f7a695fd129cdb63c 477376 libgnutls26_2.6.6-1_i386.deb
baeacf5de7677c95ef0e52a2e198605ea3f894f8 1060626 libgnutls26-dbg_2.6.6-1_i386.deb
2f3555144ee58da573d14ee049e4cb607c8bfd25 284568 gnutls-bin_2.6.6-1_i386.deb
4fcc28f039f2b987f84a6ac72fa3b374e24acac0 220072 guile-gnutls_2.6.6-1_i386.deb
Checksums-Sha256:
3f86548588d9641385f7edb1d541ed398cc530076f47f7b5177443b37a6b3f34 1576 gnutls26_2.6.6-1.dsc
2fae439967df9ffb7a52f5f2c169a7fc589cbd14ba313f29f88fe5012db77082 6160645 gnutls26_2.6.6.orig.tar.gz
3a709b6ab7decdb928951b74f9dddb8d1c49b73b39bb1d34463de7eb92ae7889 16679 gnutls26_2.6.6-1.diff.gz
b58e56557aa7357b823fc033c4e93f92d66400d7c6f307ca8e47a27f46a85ccf 2841818 gnutls-doc_2.6.6-1_all.deb
b403cae7de895f0c4444002d0ebb0ca0ee94213f32edcbb8b1d444733c4a676e 551362 libgnutls-dev_2.6.6-1_i386.deb
a26ad4d87a7f00a93ba5c01a0b6f539798da5512024b6faea8cfd763fdc2b58c 477376 libgnutls26_2.6.6-1_i386.deb
3e17110d7471e99698033a5b443bac5474a72d274344e73b719ef7d000002f47 1060626 libgnutls26-dbg_2.6.6-1_i386.deb
8b4ffc0f004cd0570f35941d786ff2cff906f6261b74841509a623b356715b8d 284568 gnutls-bin_2.6.6-1_i386.deb
a3c7689e14db460f36019360041275948e0411d561819a2c6dd5e4fc6d034e75 220072 guile-gnutls_2.6.6-1_i386.deb
Files:
9065519cf9be770b353ebbbe63a9eaa5 1576 devel optional gnutls26_2.6.6-1.dsc
a5ac3b8e0b456930d88ded2af687ea4f 6160645 devel optional gnutls26_2.6.6.orig.tar.gz
203b79ff50ad425b628bcccc1e2dd9c5 16679 devel optional gnutls26_2.6.6-1.diff.gz
1401e496790d6e7fa2074177cc759750 2841818 doc optional gnutls-doc_2.6.6-1_all.deb
dc4a2de0abb4a585852935b1f464998f 551362 libdevel optional libgnutls-dev_2.6.6-1_i386.deb
8044287859924f92e4a6c875321048c3 477376 libs important libgnutls26_2.6.6-1_i386.deb
1dbb513ce3a207972a95ea14c15a3879 1060626 debug extra libgnutls26-dbg_2.6.6-1_i386.deb
84a89d38f72712fec73de27bc023ab9c 284568 net optional gnutls-bin_2.6.6-1_i386.deb
74ff31c4aae0d527af528b40433ceb7e 220072 lisp optional guile-gnutls_2.6.6-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkn54lwACgkQHTOcZYuNdmN7TwCggpJ66EmGZr/EpbDt0RexRMO9
NiEAn2KK8HSShK0fIORVi6p1FxOAXq0b
=nl+3
-----END PGP SIGNATURE-----
Accepted:
gnutls-bin_2.6.6-1_i386.deb
to pool/main/g/gnutls26/gnutls-bin_2.6.6-1_i386.deb
gnutls-doc_2.6.6-1_all.deb
to pool/main/g/gnutls26/gnutls-doc_2.6.6-1_all.deb
gnutls26_2.6.6-1.diff.gz
to pool/main/g/gnutls26/gnutls26_2.6.6-1.diff.gz
gnutls26_2.6.6-1.dsc
to pool/main/g/gnutls26/gnutls26_2.6.6-1.dsc
gnutls26_2.6.6.orig.tar.gz
to pool/main/g/gnutls26/gnutls26_2.6.6.orig.tar.gz
guile-gnutls_2.6.6-1_i386.deb
to pool/main/g/gnutls26/guile-gnutls_2.6.6-1_i386.deb
libgnutls-dev_2.6.6-1_i386.deb
to pool/main/g/gnutls26/libgnutls-dev_2.6.6-1_i386.deb
libgnutls26-dbg_2.6.6-1_i386.deb
to pool/main/g/gnutls26/libgnutls26-dbg_2.6.6-1_i386.deb
libgnutls26_2.6.6-1_i386.deb
to pool/main/g/gnutls26/libgnutls26_2.6.6-1_i386.deb
Reply to: