~ubuntu-branches/ubuntu/dapper/gnutls12/dapper-security

Viewing all changes in revision 8.

  • Committer: Bazaar Package Importer
  • Author(s): Jamie Strandboge
  • Date: 2009-02-20 13:47:47 UTC
  • Revision ID: james.westby@ubuntu.com-20090220134747-qesq7zj42uh27rno
Tags: 1.2.9-2ubuntu1.5
* Fix for certificate chain regressions introduced by fixes for
  CVE-2008-4989
* debian/patches/20_CVE-2008-4989.diff: updated to upstream's final
  2.4.2 - 2.4.3 patchset for lib/x509/verify.c to fix CVE-2008-4989 and
  address all known regressions. To summarize from upstream:
  - Fix X.509 certificate chain validation error (CVE-2008-4989)
  - Fix chain verification for chains that end with RSA-MD2 CAs (LP: #305264)
  - Deprecate X.509 validation chains using MD5 and MD2 signatures
  - Accept chains where intermediary certs are trusted (LP: #305264)
