This bug was fixed in the package gnutls13 - 2.0.4-1ubuntu2.6
---------------
gnutls13 (2.0.4-1ubuntu2.6) hardy-security; urgency=low
* SECURITY UPDATE: fix improper handling of '\0' in Common Name (CN) and
Subject Alternative Name (SAN) in X.509 certificates (LP: #413136)
- debian/patches/91_CVE-2009-2730.diff: verify length of CN and SAN
are what we expect and error out if either contains an embedded \0.
This fixed required updating _gnutls_hostname_compare() in
lib/x509/rfc2818_hostname.c to support wide wildcard hostname matching.
This is a backward compatible change and which only adds additional
matching of hostnames.
- CVE-2009-2730
-- Jamie Strandboge <[email protected]> Fri, 14 Aug 2009 14:57:08
-0500
--
gnutls vulnerable to CVE-2009-2730
https://bugs.launchpad.net/bugs/413136
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
