Comment 62 for bug 305264

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnutls13 - 2.0.4-1ubuntu2.5

---------------
gnutls13 (2.0.4-1ubuntu2.5) hardy-security; urgency=low

  * Fix for certificate chain regressions introduced by fixes for
    CVE-2008-4989
  * debian/patches/91_CVE-2008-4989.diff: updated to upstream's final
    2.4.2 - 2.4.3 patchset for lib/x509/verify.c to fix CVE-2008-4989 and
    address all known regressions. To summarize from upstream:
    - Fix X.509 certificate chain validation error (CVE-2008-4989)
    - Fix chain verification for chains that end with RSA-MD2 CAs (LP: #305264)
    - Deprecate X.509 validation chains using MD5 and MD2 signatures
    - Accept chains where intermediary certs are trusted (LP: #305264)

 -- Jamie Strandboge <email address hidden> Fri, 20 Feb 2009 13:02:36 -0600