1
Candidate: CVE-2014-0350
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0350
5
http://www.kb.cert.org/vuls/id/118748
6
https://raw.githubusercontent.com/pocoproject/poco/poco-1.4.6p4-release/CHANGELOG
8
The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO
9
C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof
10
SSL servers via crafted DNS PTR records that are requested during
11
comparison of a server name to a wildcard domain name in an X.509
15
sbeattie> debian fixed in 1.3.6p1-5
22
upstream_poco: released (1.4.6p4)
23
lucid_poco: ignored (reached end-of-life)
24
precise_poco: ignored (reached end-of-life)
25
precise/esm_poco: DNE (precise was needed)
26
quantal_poco: ignored (reached end-of-life)
27
saucy_poco: ignored (reached end-of-life)
28
trusty_poco: released (1.3.6p1-4+deb7u1build1)
29
utopic_poco: ignored (reached end-of-life)
30
vivid_poco: ignored (reached end-of-life)
31
vivid/stable-phone-overlay_poco: DNE
32
vivid/ubuntu-core_poco: DNE
33
wily_poco: not-affected (1.3.6p1-5)
34
xenial_poco: not-affected (1.3.6p1-5)
35
yakkety_poco: not-affected (1.3.6p1-5)
36
zesty_poco: not-affected (1.3.6p1-5)
37
artful_poco: not-affected (1.3.6p1-5)
38
devel_poco: not-affected (1.3.6p1-5)