-
Committer:
Bazaar Package Importer
-
Author(s):
Jamie Strandboge
-
Date:
2009-08-14 14:57:08 UTC
-
mfrom:
(16.1.2 hardy-proposed)
-
Revision ID:
james.westby@ubuntu.com-20090814145708-8kq1sgl8bqszp4g6
Tags: 2.0.4-1ubuntu2.6
* SECURITY UPDATE: fix improper handling of '\0' in Common Name (CN) and
Subject Alternative Name (SAN) in X.509 certificates (LP: #413136)
- debian/patches/91_CVE-2009-2730.diff: verify length of CN and SAN
are what we expect and error out if either contains an embedded \0.
This fixed required updating _gnutls_hostname_compare() in
lib/x509/rfc2818_hostname.c to support wide wildcard hostname matching.
This is a backward compatible change and which only adds additional
matching of hostnames.
- CVE-2009-2730