Accepted gnutls10 1.0.4-8ubuntu1 (source)
Martin Pitt
martin.pitt at ubuntu.com
Fri May 13 04:05:03 CDT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 13 May 2005 10:59:13 +0200
Source: gnutls10
Binary: libgnutls10 libgnutls10-dev
Architecture: source
Version: 1.0.4-8ubuntu1
Distribution: breezy
Urgency: low
Maintainer: Matthias Urlichs <smurf at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
libgnutls10 - GNU TLS library - runtime library
libgnutls10-dev - GNU TLS library - development files
Changes:
gnutls10 (1.0.4-8ubuntu1) breezy; urgency=low
.
* SECURITY UPDATE: Fix Denial of Service.
* Added debian/patches/CAN-2005-1431.patch:
- lib/gnutls_cipher.c, _gnutls_ciphertext2compressed(): "pad" is specified
in the user-supplied ciphertext; before executing the "Check the padding
bytes" loop, check that the pad length is valid before accessing the
ciphertext array. Invalid pad lengths triggered an out of bounds access
which could crash the application.
- Patch taken from upstream CVS.
- CAN-2005-1431
Files:
34ee445e6152219ae1e1a6341a1f83b7 740 devel optional gnutls10_1.0.4-8ubuntu1.dsc
5f56d1e300a85334888ceb0e82126efd 1369230 devel optional gnutls10_1.0.4-8ubuntu1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFChGx8DecnbV4Fd/IRAqVuAJ4ppTE8i5DG27W+aHzKiRt4jL8NXgCgpxcO
tDmmuo2ynxvWjQNGiySGC2c=
=5JCF
-----END PGP SIGNATURE-----
Accepted:
gnutls10_1.0.4-8ubuntu1.diff.gz
to pool/universe/g/gnutls10/gnutls10_1.0.4-8ubuntu1.diff.gz
gnutls10_1.0.4-8ubuntu1.dsc
to pool/universe/g/gnutls10/gnutls10_1.0.4-8ubuntu1.dsc
More information about the breezy-changes
mailing list