-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2014-4971 2014-04-09 11:40:19 -------------------------------------------------------------------------------- Name : gnutls Product : Fedora 20 Version : 3.1.23 Release : 1.fc20 URL : http://www.gnutls.org/ Summary : A TLS protocol implementation Description : GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other required structures. -------------------------------------------------------------------------------- Update Information: fixes liberal wildcard expansion and certtool generation of encrypted keys (when no password is provided) -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 8 2014 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> - 3.1.23-1 - fixes liberal wildcard expansion (#1085264) - fixes certtool generation of encrypted keys even without password (#1085272) * Thu Feb 27 2014 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> - 3.1.20-4 - fixes CVE-2014-0092 (#1071795) * Fri Feb 14 2014 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> 3.1.20-3 - Fix CVE-2014-1959 (#1065094) * Mon Feb 3 2014 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> 3.1.20-1 - new upstream release - Fixed issue with gnutls.info not being available - Compile with trousers - Pulled fix from upstream for illegal supported-ecc extension (#1060411) * Thu Jan 2 2014 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> 3.1.18-3 - Applied complete patch from (#1046672) * Thu Jan 2 2014 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> 3.1.18-2 - Applied fix in suiteb patch to prevent crash in multiple deinitializations (#1046672) * Mon Dec 23 2013 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> 3.1.18-1 - new upstream release * Thu Dec 5 2013 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> 3.1.17-3 - Use the correct root key for unbound (#1012494) - Pull asm fixes from upstream (#973210) - tpmtool manpage is no longer installed (#1036363) * Tue Nov 26 2013 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> 3.1.17-2 - Avoid linking with trousers to prevent introducing new features in f20 * Tue Nov 26 2013 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> 3.1.17-1 - new upstream release - links against the system libopts - links against trousers -------------------------------------------------------------------------------- References: [ 1 ] Bug #1085264 - gnutls uses hostname comparison based on the very liberal rfc2818 https://bugzilla.redhat.com/show_bug.cgi?id=1085264 [ 2 ] Bug #1085272 - certtool generates encrypted pkcs8 when empty password is specified https://bugzilla.redhat.com/show_bug.cgi?id=1085272 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update gnutls' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-announce