[el5_latest] gnutls-1.4.1-16.el5_10.i386

GnuTLS is a project that aims to develop a library which provides a secure
layer, over a reliable transport layer. Currently the GnuTLS library implements
the proposed standards by the IETF's TLS working group.

Changelog (Show File list) (Show related packages)

• Sat May 31 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 1.4.1-16

  - added missing check for null pointer (#1102355)

• Fri May 30 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 1.4.1-15

  - fix session ID length check and null pointer dereference (#1102355)
  - fix minitasn1 issues (#1102355)
  - Renamed gnutls-1.4.1-cve-2014-5138.patch to cve-2009-5138.patch

• Fri Feb 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 1.4.1-14

  - Renamed gnutls-1.4.1-cve-2014-0092-1.patch to cve-2014-5138.patch
  - Renamed gnutls-1.4.1-cve-2014-0092-2.patch to cve-2014-0092.patch

• Thu Feb 27 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 1.4.1-13

  - fix issues of CVE-2014-0092 (#1069888)

• Tue May 28 2013 Tomas Mraz <tmraz@redhat.com> 1.4.1-12

  - fix CVE-2013-2116 - fix DoS regression in CVE-2013-1619
    upstream patch (#966754)

• Fri Feb 22 2013 Tomas Mraz <tmraz@redhat.com> 1.4.1-11

  - fix CVE-2013-1619 - fix TLS-CBC timing attack (#908238)

• Thu Jun 07 2012 Tomas Mraz <tmraz@redhat.com> 1.4.1-10

  - do not generate invalid certificate requests without challenge password
  - store subject DN instead of issuer DN in the CA list

• Fri Mar 23 2012 Tomas Mraz <tmraz@redhat.com> 1.4.1-9

  - fix CVE-2011-4128 - buffer overflow in gnutls_session_get_data() (#752308)
  - fix CVE-2012-1569 - missing length check when decoding DER lengths (#804920)
  - fix CVE-2012-1573 - security issue in packet parsing (#805432)

• Thu Feb 09 2012 Tomas Mraz <tmraz@redhat.com> 1.4.1-8

  - fix multiple possible NULL dereferences and other problems
    that can potentially lead to segfault in the client

• Wed Mar 10 2010 Tomas Mraz <tmraz@redhat.com> 1.4.1-7

  - fix safe renegotiation on SSL3 protocol

• Thu Mar 04 2010 Tomas Mraz <tmraz@redhat.com> 1.4.1-6

  - implement safe renegotiation - CVE-2009-3555 (#533125)
  - do not allow MD2 in certificate signatures by default - CVE-2009-2409
    (#510197)

• Sat Aug 15 2009 Tomas Mraz <tmraz@redhat.com> 1.4.1-5

  - fix NUL characters in DN and SAN cert fields issue,
    make sure gnutls_x509_crt_check_hostname() fails when certificate
    has no CN or SAN CVE-2009-2730 (#516231)

• Wed Nov 12 2008 Tomas Mraz <tmraz@redhat.com> 1.4.1-4

  - fix chain verification issue CVE-2008-4989 (#470079)

• Wed May 21 2008 Tomas Mraz <tmraz@redhat.com> 1.4.1-3

  - fix three security issues in gnutls handshake - GNUTLS-SA-2008-1
    (#447461, #447462, #447463)

• Fri Sep 15 2006 Tomas Mraz <tmraz@redhat.com> 1.4.1-2

  - detect forged signatures - CVE-2006-4790 (#206411), patch
    from upstream

• Wed Jul 19 2006 Tomas Mraz <tmraz@redhat.com> - 1.4.1-1

  - upgrade to new upstream version, only minor changes

• Thu Jul 13 2006 Jesse Keating <jkeating@redhat.com> - 1.4.0-1.1

  - rebuild

• Thu Jun 15 2006 Tomas Mraz <tmraz@redhat.com> - 1.4.0-1

  - upgrade to new upstream version (#192070), rebuild
    of dependent packages required

• Wed May 17 2006 Tomas Mraz <tmraz@redhat.com> - 1.2.10-2

  - added missing buildrequires

• Tue Feb 14 2006 Tomas Mraz <tmraz@redhat.com> - 1.2.10-1

  - updated to new version (fixes CVE-2006-0645)

• Sat Feb 11 2006 Jesse Keating <jkeating@redhat.com> - 1.2.9-3.2

  - bump again for double-long bug on ppc(64)

• Wed Feb 08 2006 Jesse Keating <jkeating@redhat.com> - 1.2.9-3.1

  - rebuilt for new gcc4.1 snapshot and glibc changes

• Wed Jan 04 2006 Jesse Keating <jkeating@redhat.com> 1.2.9-3

  - rebuilt

• Sat Dec 10 2005 Tomas Mraz <tmraz@redhat.com> 1.2.9-2

  - replaced *-config scripts with calls to pkg-config to
    solve multilib conflicts

• Thu Nov 24 2005 Tomas Mraz <tmraz@redhat.com> 1.2.9-1

  - upgrade to newest upstream
  - removed .la files (#172635)

• Mon Aug 08 2005 Tomas Mraz <tmraz@redhat.com> 1.2.6-1

  - upgrade to newest upstream (rebuild of dependencies necessary)

• Tue Jul 05 2005 Tomas Mraz <tmraz@redhat.com> 1.0.25-2

  - split the command line tools to utils subpackage

• Sun May 01 2005 Tomas Mraz <tmraz@redhat.com> 1.0.25-1

  - new upstream version fixes potential DOS attack

• Sun Apr 24 2005 Tomas Mraz <tmraz@redhat.com> 1.0.24-2

  - readd the version script dropped by upstream

• Sat Apr 23 2005 Tomas Mraz <tmraz@redhat.com> 1.0.24-1

  - update to the latest upstream version on the 1.0 branch

• Thu Mar 03 2005 Warren Togami <wtogami@redhat.com> 1.0.20-6

  - gcc4 rebuild

• Wed Jan 05 2005 Ivana Varekova <varekova@redhat.com> 1.0.20-5

  - add gnutls Requires zlib-devel (#144069)

• Tue Nov 09 2004 Colin Walters <walters@redhat.com> 1.0.20-4

  - Make gnutls-devel Require libgcrypt-devel

• Wed Sep 22 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-3

  - rebuild with release++, otherwise unchanged.

• Wed Sep 08 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-2

  - patent tainted SRP code removed.

• Mon Sep 06 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-1

  - update to 1.0.20.
  - add --with-included-opencdk --with-included-libtasn1
  - add --with-included-libcfg --with-included-lzo
  - add --disable-srp-authentication.
  - do "make check" after build.

• Sat Mar 22 2003 Jeff Johnson <jbj@redhat.com> 0.9.2-1

  - upgrade to 0.9.2

• Wed Jun 26 2002 Jeff Johnson <jbj@redhat.com> 0.4.4-1

  - update to 0.4.4.

• Sat Jun 22 2002 Tim Powers <timp@redhat.com>

  - automated rebuild

• Sun May 26 2002 Jeff Johnson <jbj@redhat.com> 0.4.3-1

  - update to 0.4.3.

• Wed May 22 2002 Jeff Johnson <jbj@redhat.com> 0.4.2-1

  - update to 0.4.2.
  - change license to LGPL.
  - include splint annotations patch.

• Wed Apr 03 2002 Nalin Dahyabhai <nalin@redhat.com> 0.4.0-1

  - update to 0.4.0

• Fri Jan 18 2002 Nalin Dahyabhai <nalin@redhat.com> 0.3.2-1

  - update to 0.3.2

• Fri Jan 11 2002 Nalin Dahyabhai <nalin@redhat.com> 0.3.0-1

  - add a URL

• Fri Dec 21 2001 Nalin Dahyabhai <nalin@redhat.com>

  - initial package