PublicDateAtUSN: 2014-03-03
Candidate: CVE-2014-0092
CRD: 2014-03-03
PublicDate: 2014-03-07 00:10:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092
 http://gnutls.org/security.html#GNUTLS-SA-2014-2
 https://ubuntu.com/security/notices/USN-2127-1
Description:
 lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not
 properly handle unspecified errors when verifying X.509 certificates from
 SSL servers, which allows man-in-the-middle attackers to spoof servers via
 a crafted certificate.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by: Nikos Mavrogiannopoulos
Assigned-to: mdeslaur
CVSS: 

Patches_gnutls26:
 upstream: https://www.gitorious.org/gnutls/gnutls/commit/6aa26f78150ccbdf0aec1878a41c17c41d358a3b
upstream_gnutls26: needs-triage
lucid_gnutls26: released (2.8.5-2ubuntu0.5)
precise_gnutls26: released (2.12.14-5ubuntu3.7)
precise/esm_gnutls26: released (2.12.14-5ubuntu3.7)
quantal_gnutls26: released (2.12.14-5ubuntu4.6)
saucy_gnutls26: released (2.12.23-1ubuntu4.2)
trusty_gnutls26: released (2.12.23-12ubuntu2)
trusty/esm_gnutls26: released (2.12.23-12ubuntu2)
utopic_gnutls26: released (2.12.23-12ubuntu2)
vivid_gnutls26: DNE
vivid/stable-phone-overlay_gnutls26: DNE
vivid/ubuntu-core_gnutls26: DNE
wily_gnutls26: DNE
xenial_gnutls26: DNE
yakkety_gnutls26: DNE
zesty_gnutls26: DNE
devel_gnutls26: DNE

Patches_gnutls28:
upstream_gnutls28: released (3.1.22,3.2.12)
lucid_gnutls28: DNE
precise_gnutls28: ignored (reached end-of-life)
precise/esm_gnutls28: DNE (precise was needed)
quantal_gnutls28: ignored (reached end-of-life)
saucy_gnutls28: ignored (reached end-of-life)
trusty_gnutls28: not-affected (3.2.11-2ubuntu1)
trusty/esm_gnutls28: DNE (trusty was not-affected [3.2.11-2ubuntu1])
utopic_gnutls28: not-affected (3.2.11-2ubuntu1)
vivid_gnutls28: not-affected (3.2.11-2ubuntu1)
vivid/stable-phone-overlay_gnutls28: not-affected (3.2.11-2ubuntu1)
vivid/ubuntu-core_gnutls28: not-affected (3.2.11-2ubuntu1)
wily_gnutls28: not-affected (3.2.11-2ubuntu1)
xenial_gnutls28: not-affected (3.2.11-2ubuntu1)
esm-infra/xenial_gnutls28: not-affected (3.2.11-2ubuntu1)
yakkety_gnutls28: not-affected (3.2.11-2ubuntu1)
zesty_gnutls28: not-affected (3.2.11-2ubuntu1)
devel_gnutls28: not-affected (3.2.11-2ubuntu1)