DEBIAN-CVE-2014-0092

Description

lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

Affected Systems

• debian•gnutls28

  < 3.2.11-2 | < 3.2.11-2 | < 3.2.11-2 | < 3.2.11-2

References (1)

• https://security-tracker.debian.org/tracker/CVE-2014-0092