Mangelnde Prüfung von Zertifikaten in mingw-gnutls
ID: | FEDORA-2014-3493 |
Distribution: | Fedora |
Plattformen: | Fedora 19 |
Datum: | So, 16. März 2014, 12:45 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092 |
Applikationen: | GNU Transport Layer Security Library |
Originalnachricht |
|
Name : mingw-gnutls Product : Fedora 19 Version : 3.1.22 Release : 1.fc19 URL : http://www.gnutls.org/ Summary : MinGW GnuTLS TLS/SSL encryption library Description : GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW. -------------------------------------------------------------------------------- Update Information: Version 3.1.22 (released 2014-03-03) * libgnutls: Corrected certificate verification issue (GNUTLS-SA-2014-2) * libgnutls: Corrected issue in gnutls_pcert_list_import_x509_raw when provided with invalid data. Reported by Dmitriy Anisimkov. * libgnutls: Corrected timeout issue in subsequent to the first DTLS handshakes. * libgnutls: Removed unconditional not-trusted message in gnutls_certificate_verification_status_print() when used with OpenPGP certificates. Reported by Michel Briand. * libgnutls: All ciphersuites that were available in TLS1.0 or later are now made available in SSL3.0 or later to prevent any incompatibilities with servers that negotiate them in SSL 3.0. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 4 2014 Michael Cronenworth |