Bug#699891: unblock: gnutls26/2.12.20-4

Andreas Metzler ametzler at downhill.at.eu.org
Wed Feb 6 12:22:59 UTC 2013


Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: unblock

Please unblock package gnutls26. It contains a bunch of fixes from
upstream's 2.12.22 and 2.12.23 bugfix releases.

+35_TLS-CBC_timing-attack.diff (GNUTLS-SA-2013-1) TLS CBC padding timing
 attack. CVE-2013-0169 CVE-2013-1619. This is the recently published
 "lucky thirteen" TLS attack.
+34_pkcs11_memleak.diff Eliminated memory leak in PKCS #11
 initialization. (Should be quite helpful when running valgrind
 on a gnutls using package).
+31_allow_key_usage_violation.diff: Always tolerate key usage violation
 errors from the side of the peer, but also notify via an audit message.
+32_record-padding-parsing.patch: Fix record padding parsing issue.
 This was also reported in the "lucky thirteen" paper.
+33_stricter_rsa_pkcs_1.5.diff: Fixes random handshake failures with
 non-GnuTLS implementations.

The watchfile was also updated.

This brings us up to GnuTLS 2.12.23, except for these differences:
- The equivalent change of 33_stricter_rsa_pkcs_1.5.diff for the nettle
  code is not included as it is not relevant for Debian's binary packages.
- 0b9d8d6f21dad85038c6de36d8fbd56271263f64 Corrected bug in PGP subpacket
  encoding.
- Compatibility with libtasn1 3.x, which would require libtasn1 >=2.14.
- Updated gnulib.
- Build system fixes.

I would really like all these fixes in squeeze (35 and 32 qualify as
serious, the other ones as important). However, if that is not possible
I can provide a minimal upload (just 32 and 35) for tpu.

unblock gnutls26/2.12.20-4

Thanks for consideration, cu andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: from_2.12.20-2_to-4.diff
Type: text/x-diff
Size: 20287 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20130206/be659436/attachment.diff>