Date: Thu, 13 Feb 2014 19:30:30 +0000
From: "mancha" <mancha1@...h.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)

GnuTLS has just released versions 3.1.21 and 3.2.11 to address
an issue with the handling of v1 CA certificates. According to
the developer in GnuTLS advisory GNUTLS-SA-2014-1: "This issue
can be exploited if there are trusted CAs that issue X.509
version 1 certificates." [1]

[1] http://gnutls.org/security.html

Upstream fix:
https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d18

Unless already assigned, would you please allocate a CVE for
this issue?

Thank you.

--mancha
