1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
PublicDateAtUSN: 2014-12-31
Candidate: CVE-2014-8155
PublicDate: 2015-08-14
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8155
http://www.ubuntu.com/usn/usn-2540-1
Description:
GnuTLS before 2.9.10 does not verify the activation and expiration dates of
CA certificates, which allows man-in-the-middle attackers to spoof servers
via a certificate issued by a CA certificate that is (1) not yet valid or
(2) no longer valid.
Ubuntu-Description:
Notes:
tyhicks> Fixed upstream in 2.9.10
Bugs:
Priority: low
Discovered-by:
Assigned-to: mdeslaur
Patches_gnutls26:
upstream: https://gitlab.com/gnutls/gnutls/commit/897cbce62c0263a498088ac3e465aa5f05f8719c
upstream_gnutls26: released (2.9.10-1)
lucid_gnutls26: released (2.8.5-2ubuntu0.7)
precise_gnutls26: not-affected (2.12.14-5ubuntu3.8)
trusty_gnutls26: not-affected
utopic_gnutls26: not-affected
devel_gnutls26: not-affected
Patches_gnutls28:
upstream_gnutls28: not-affected
lucid_gnutls28: DNE
precise_gnutls28: not-affected (3.0.11-1ubuntu2)
trusty_gnutls28: not-affected
utopic_gnutls28: not-affected
devel_gnutls28: not-affected
|