2017-01-24 - email@example.com
- Fix an infinite loop if an EOF occurs while skipping a PGP packet
* add 0001-Do-not-infinite-loop-if-an-EOF-occurs-while-skipping.patch
2017-01-10 - firstname.lastname@example.org
- GNUTLS-SA-2017-2 (bsc#1018832)
* several memory corruptions in OpenPGP certificate decoding
* added patches:
- GNUTLS-SA-2016-3 (bsc#999646)
* Incorrect certificate validation when using OCSP responses
* added gnutls-CVE-2016-7444.patch
- remote denial of service in SSL alert handling (bsc#1005879)
* added gnutls-CVE-2016-8610.patch
2015-08-21 - email@example.com
- fix for CVE-2015-6251 (GNUTLS-SA-2015-3) (bsc#941794)
* double free in certificate DN decoding
* added gnutls-CVE-2015-6251.patch
2015-08-03 - firstname.lastname@example.org
- fix for CVE-2015-3622 in bundled libtasn1 (bsc#929414)
* invalid read in octet string
* added gnutls-CVE-2015-3622.patch
- fix for GNUTLS-SA-2015-2 (bsc#929690)
* ServerKeyExchange signature issue
* added gnutls-GNUTLS-SA-2015-2.patch
2015-03-18 - email@example.com
- fix for CVE-2015-0294 (bnc#919938)
* certificate algorithm consistency checking issue
* added gnutls-CVE-2015-0294.patch
2014-11-12 - firstname.lastname@example.org
- gnutls-CVE-2014-8564.patch: Fixed parsing problem in elliptic
curve blobs over TLS that could lead to remote crashes.
2014-06-03 - email@example.com
- Version 3.2.15 (released 2014-05-30)
* libgnutls: Eliminated memory corruption issue in Server Hello parsing.
Issue reported by Joonas Kuorilehto of Codenomicon. (CVE-2014-3466 / bnc#880730)
* libgnutls: Several memory leaks caused by error conditions were
fixed. The leaks were identified using valgrind and the Codenomicon
TLS test suite.
* libgnutls: Increased the maximum certificate size buffer
in the PKCS #11 subsystem.
* libgnutls: Check the return code of getpwuid_r() instead of relying
on the result value. That avoids an issue on certain systems, when using
tofu authentication and the home path cannot be determined. Issue reported
by Viktor Dukhovni.
* gnutls-cli: if dane is requested but not PKIX verification, then
only verify the end certificate.
* ocsptool: Include path in ocsp request. This resolves #108582
(https://savannah.gnu.org/support/?108582), reported by Matt McCutchen.
- Version 3.2.14 (released 2014-05-06)
* libgnutls: Fixed issue with the check of incoming data when two
different recv and send pointers have been specified. Reported and
investigated by JMRecio.
* libgnutls: Fixed issue in the RSA-PSK key exchange, which would
result in illegal memory access if a server hint was provided.
* libgnutls: Fixed client memory leak in the PSK key exchange, if a
server hint was provided.
* libgnutls: Several small bug fixes identified using valgrind and
the Codenomicon TLS test suite.
* libgnutls: Several small bug fixes found by coverity.
* libgnutls-dane: Accept a certificate using DANE if there is at least one
entry that matches the certificate. Patch by simon [at] arlott.org.
* configure: Added --with-nettle-mini option, which allows linking
with a libnettle that contains gmp.
* certtool: The ECDSA keys generated by default use the SECP256R1 curve
which is supported more widely than the previously used SECP224R1.
- CVE-2014-3466.patch: is upstream.
2014-06-02 - firstname.lastname@example.org
- Fixed bug [bnc#880730], CVE-2014-3466: gnutls: Possible memory corruption during connect
Add patch file: CVE-2014-3466.patch