Commit caf2b2ba authored by Gustavo Zacarias's avatar Gustavo Zacarias Committed by Peter Korsgaard
Browse files

gnutls: security bump to version 3.2.20 



Fixes:
CVE-2014-8564 / GNUTLS-SA-2014-5 - Sean Burford reported that the
encoding of elliptic curves parameters GnuTLS 3 is vulnerable to a
denial of service (heap corruption). It affects clients and servers
which print information about the peer's certificate, e.g., the key ID,
and can be exploited via a specially crafted X.509 certificate.

Signed-off-by: default avatarGustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: default avatarPeter Korsgaard <peter@korsgaard.com>
parent 7b640487

package/gnutls/gnutls.hash

+1 −1
Original line number Diff line number Diff line 
# Locally calculated after checking pgp signature

sha256	a20d95a434a670afe5ce66430ae56151bbbe14456a0517ce775c46b1d4183dcf	gnutls-3.2.19.tar.xz
 
sha256	7967057e78c3ed968e524a07ab262681219b73001ab8e75cbc4f1a506abdb598	gnutls-3.2.20.tar.xz

package/gnutls/gnutls.mk

+1 −1
Original line number Diff line number Diff line
@@ -5,7 +5,7 @@ 
################################################################################



GNUTLS_VERSION_MAJOR = 3.2

GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).19

GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).20

GNUTLS_SOURCE = gnutls-$(GNUTLS_VERSION).tar.xz

GNUTLS_SITE = ftp://ftp.gnutls.org/gcrypt/gnutls/v$(GNUTLS_VERSION_MAJOR)

GNUTLS_LICENSE = GPLv3+ LGPLv2.1+