oss-sec mailing list archives
CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)
From: "mancha" <mancha1 () hush com>
Date: Thu, 13 Feb 2014 19:30:30 +0000
GnuTLS has just released versions 3.1.21 and 3.2.11 to address an issue with the handling of v1 CA certificates. According to the developer in GnuTLS advisory GNUTLS-SA-2014-1: "This issue can be exploited if there are trusted CAs that issue X.509 version 1 certificates." [1] [1] http://gnutls.org/security.html Upstream fix: https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d18 Unless already assigned, would you please allocate a CVE for this issue? Thank you. --mancha
Current thread:
- CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x) mancha (Feb 13)
- Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x) cve-assign (Feb 13)
- Re: Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x) Tomas Hoger (Feb 25)
- Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x) cve-assign (Feb 26)
- Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x) Tomas Hoger (Feb 27)
- Re: Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x) Tomas Hoger (Feb 25)
- Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x) cve-assign (Feb 13)