tags 424763 + patch
thanks
Hi,
Thanks to Simon for the pointer.
Please find attached a debdiff for the bug.
cheers,
Fathi
diff -u gnutls26-2.4.2/debian/changelog gnutls26-2.4.2/debian/changelog
--- gnutls26-2.4.2/debian/changelog
+++ gnutls26-2.4.2/debian/changelog
@@ -1,3 +1,11 @@
+gnutls26 (2.4.2-2.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Add debian/patches/21_gnutls_x509_crt_get_raw_dn2_fix_505279.diff
+ to fix _gnutls_x509_crt_get_raw_dn2 segfault. Closes: #505279
+
+ -- Fathi Boudra <[EMAIL PROTECTED]> Wed, 12 Nov 2008 10:01:37 +0100
+
gnutls26 (2.4.2-2) unstable; urgency=medium
* [CVE-2008-4989.diff] Fix man in the middle attack for certificate
--- gnutls26-2.4.2.orig/debian/patches/21_gnutls_x509_crt_get_raw_dn2_fix_505279.diff
+++ gnutls26-2.4.2/debian/patches/21_gnutls_x509_crt_get_raw_dn2_fix_505279.diff
@@ -0,0 +1,20 @@
+--- a/lib/x509/verify.c
++++ b/lib/x509/verify.c
+@@ -376,17 +376,6 @@
+ int i = 0, ret;
+ unsigned int status = 0, output;
+
+- /* Check if the last certificate in the path is self signed.
+- * In that case ignore it (a certificate is trusted only if it
+- * leads to a trusted party by us, not the server's).
+- */
+- if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
+- certificate_list[clist_size - 1]) > 0
+- && clist_size > 0)
+- {
+- clist_size--;
+- }
+-
+ /* Verify the last certificate in the certificate path
+ * against the trusted CA certificate list.
+ *
