[Bug 413136] Re: gnutls vulnerable to CVE-2009-2730

Launchpad Bug Tracker Wed, 19 Aug 2009 15:11:13 -0700

This bug was fixed in the package gnutls26 - 2.4.2-6ubuntu0.1

---------------
gnutls26 (2.4.2-6ubuntu0.1) jaunty-security; urgency=low


  * SECURITY UPDATE: fix improper handling of '\0' in Common Name (CN) and
    Subject Alternative Name (SAN) in X.509 certificates (LP: #413136)
    - debian/patches/26_CVE-2009-2730.diff: verify length of CN and SAN
      are what we expect and error out if either contains an embedded \0
    - CVE-2009-2730

 -- Jamie Strandboge <[email protected]>   Fri, 14 Aug 2009 14:01:09
-0500

** Changed in: gnutls26 (Ubuntu Jaunty)
       Status: Fix Committed => Fix Released

** Changed in: gnutls26 (Ubuntu Intrepid)
       Status: Fix Committed => Fix Released

-- 
gnutls vulnerable to CVE-2009-2730
https://bugs.launchpad.net/bugs/413136
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 413136] Re: gnutls vulnerable to CVE-2009-2730

Reply via email to