GnuTLS CVE-2009-2730 Patches (Was Re: GnuTLS 2.8.2)

Jamie Strandboge jamie at canonical.com
Fri Aug 14 23:35:38 CEST 2009


On Fri, 14 Aug 2009, Simon Josefsson wrote:

> I don't have time/resources to produce releases for older branches.  If
> someone else wants to volunteer to work on fixing older releases, that
> would be appreciated.
> 

Attached are preliminary patches for 2.4.1, 2.0.4 and 1.2.9 backported
from the advisory[1]. This is a first pass; they have only been very
lightly tested and have not been thoroughly looked at (you've been
warned). They are not intended for production use yet, but hopefully
others will be able to use them and provide feedback.

2.0.4 and 1.2.9 needed an additional patch[2] which adds wide wildcard
hostname matching. Ubuntu will likely carry this patch, but it may not
be appropriate for everyone. 2.x passes the nul-in-x509-names.c test
mentioned in the advisory. 1.2.9 does not pass the CN test yet, though
at first glance certtool output looks comparable to the others. These
patches are against Ubuntu sources and not clean tarballs.

Jamie

[1] http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html
[2] http://git.savannah.gnu.org/cgit/gnutls.git/patch/?id=177e7ddb761999cd8b439e14a2bf43590756e230

-- 
Jamie Strandboge             | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2009-2730_2.4.1.patch
Type: text/x-diff
Size: 8098 bytes
Desc: not available
URL: </pipermail/attachments/20090814/228828a7/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2009-2730_2.0.4.patch
Type: text/x-diff
Size: 19482 bytes
Desc: not available
URL: </pipermail/attachments/20090814/228828a7/attachment-0001.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2009-2730_1.2.9.patch
Type: text/x-diff
Size: 7273 bytes
Desc: not available
URL: </pipermail/attachments/20090814/228828a7/attachment-0002.patch>