Comment 74 for bug 305264

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnutls26 - 2.4.1-1ubuntu0.3

gnutls26 (2.4.1-1ubuntu0.3) intrepid-security; urgency=low

  * Fix for certificate chain regressions introduced by fixes for
  * debian/patches/20_CVE-2008-4989.diff: updated to upstream's final
    2.4.2 - 2.4.3 patchset for lib/x509/verify.c to fix CVE-2008-4989 and
    address all known regressions. To summarize from upstream:
    - Fix X.509 certificate chain validation error (CVE-2008-4989)
    - Fix chain verification for chains that end with RSA-MD2 CAs (LP: #305264)
    - Deprecate X.509 validation chains using MD5 and MD2 signatures
    - Accept chains where intermediary certs are trusted (LP: #305264)

 -- Jamie Strandboge <email address hidden> Fri, 20 Feb 2009 12:24:43 -0600