[gnutls-devel] GNUTLS-SA-2014-1 / CVE-2014-1959 only affects 3..x?
mancha1 at hush.com
Sat Feb 15 16:43:14 CET 2014
On Sat, 15 Feb 2014 15:16:55 +0000 "Andreas Metzler" wrote:
>http://www.gnutls.org/security.html#GNUTLS-SA-2014-1 says: "Suman
>reported a vulnerability that affects the certificate verification
>functions of gnutls 3.1.x and gnutls 3.2.x."
>Is this correct, are 3.0.x and 2.x not affected?
Hello. According to my code review the issue is introduced in
2.11.5 when V1 trusted CAs began getting allowed by default.
Feel free to use my backport for 3.0.32: