-
Committer:
Bazaar Package Importer
-
Author(s):
Martin Pitt
-
Date:
2006-09-18 12:34:57 UTC
-
Revision ID:
james.westby@ubuntu.com-20060918123457-ay7jypnml8nk91p0
Tags: 1.2.9-2ubuntu1.1
* SECURITY UPDATE: Signature forgery.
* Add debian/patches/00CVS_CVE-2006-4790.patch:
- Check excessive data in padding of PKCS #1 v1.5 signatures to prevent
applications from incorrectly verifying the certificate. (Similar to
recent OpenSSL update.)
- Patch taken from upstream CVS:
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html
- CVE-2006-4790