« back to all changes in this revision
Viewing changes to lib/gnutls-api.texi
- Committer: Bazaar Package Importer
- Date: 2009-04-30 19:00:21 UTC
- mfrom: (1.1.6 upstream) (12.1.1 squeeze)
- Revision ID: james.westby@ubuntu.com-20090430190021-kjagrqik7888nksh
* use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
* New upstream security release.
+ libgnutls: Corrected double free on signature verification failure.
GNUTLS-SA-2009-1 CVE-2009-1415
+ libgnutls: Fix DSA key generation. Noticed when investigating the
previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
2.6.x are corrupt. See the advisory for more details.
GNUTLS-SA-2009-2 CVE-2009-1416
+ libgnutls: Check expiration/activation time on untrusted certificates.
Before the library did not check activation/expiration times on
certificates, and was documented as not doing so.
GNUTLS-SA-2009-3 CVE-2009-1417
* The former two issues only apply to gnutls 2.6.x. The latter is a
brehavior change, add a NEWS.Debian file to document it.
way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
* New upstream security release.
+ libgnutls: Corrected double free on signature verification failure.
GNUTLS-SA-2009-1 CVE-2009-1415
+ libgnutls: Fix DSA key generation. Noticed when investigating the
previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
2.6.x are corrupt. See the advisory for more details.
GNUTLS-SA-2009-2 CVE-2009-1416
+ libgnutls: Check expiration/activation time on untrusted certificates.
Before the library did not check activation/expiration times on
certificates, and was documented as not doing so.
GNUTLS-SA-2009-3 CVE-2009-1417
* The former two issues only apply to gnutls 2.6.x. The latter is a
brehavior change, add a NEWS.Debian file to document it.
- files added:
- debian/libgnutls26.NEWS
- files modified:
- ChangeLog
added
removed
lib/gnutls-api.texi
