tags 424763 + patch
thanks
Hi,

Thanks to Simon for the pointer.
Please find attached a debdiff for the bug.

cheers,

Fathi
diff -u gnutls26-2.4.2/debian/changelog gnutls26-2.4.2/debian/changelog --- gnutls26-2.4.2/debian/changelog +++ gnutls26-2.4.2/debian/changelog @@ -1,3 +1,11 @@ +gnutls26 (2.4.2-2.1) unstable; urgency=low + + * Non-maintainer upload. + * Add debian/patches/21_gnutls_x509_crt_get_raw_dn2_fix_505279.diff + to fix _gnutls_x509_crt_get_raw_dn2 segfault. Closes: #505279 + + -- Fathi Boudra <[EMAIL PROTECTED]> Wed, 12 Nov 2008 10:01:37 +0100 + gnutls26 (2.4.2-2) unstable; urgency=medium * [CVE-2008-4989.diff] Fix man in the middle attack for certificate --- gnutls26-2.4.2.orig/debian/patches/21_gnutls_x509_crt_get_raw_dn2_fix_505279.diff +++ gnutls26-2.4.2/debian/patches/21_gnutls_x509_crt_get_raw_dn2_fix_505279.diff @@ -0,0 +1,20 @@ +--- a/lib/x509/verify.c ++++ b/lib/x509/verify.c +@@ -376,17 +376,6 @@ + int i = 0, ret; + unsigned int status = 0, output; + +- /* Check if the last certificate in the path is self signed. +- * In that case ignore it (a certificate is trusted only if it +- * leads to a trusted party by us, not the server's). +- */ +- if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], +- certificate_list[clist_size - 1]) > 0 +- && clist_size > 0) +- { +- clist_size--; +- } +- + /* Verify the last certificate in the certificate path + * against the trusted CA certificate list. + *
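Review bot: In the new 2.4.2-2.1 entry of debian/changelog, the description "to fix _gnutls_x509_crt_get_raw_dn2 segfault" does not mention that the added patch deletes the step in lib/x509/verify.c that drops a self-signed last certificate from the chain before verification. That is a change in verification behaviour, and it lands directly on top of the 2.4.2-2 entry that lists CVE-2008-4989.diff, so the entry should say so explicitly. The entry also closes #505279 while the control line at the top of this mail tags 424763; please confirm which bug the patch tag is meant for.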
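Review bot: The condition removed from lib/x509/verify.c reads certificate_list[clist_size - 1] before it tests clist_size > 0, so the size test comes too late to guard the index, and when the list holds a single self-signed certificate the clist_size-- leaves a length of 0 for the code that follows. Deleting the whole block removes both problems, but it also removes the behaviour the deleted comment describes (ignoring a self-signed last certificate because "a certificate is trusted only if it leads to a trusted party by us, not the server's"). Consider keeping the block with the size test first, for example requiring clist_size > 1 before the call to gnutls_x509_crt_check_issuer, or add a header to 21_gnutls_x509_crt_get_raw_dn2_fix_505279.diff explaining why dropping the check is safe for chains that end in a self-signed certificate. A test with an empty list and with a single self-signed certificate would cover both edge cases.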