Candidate: CVE-2014-3604
PublicDate: 2014-10-25 00:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3604
 http://lists.juliusdavies.ca/pipermail/not-yet-commons-ssl-juliusdavies.ca/2014-August/000832.html
Description:
 Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly
 verify that the server hostname matches a domain name in the subject's
 Common Name (CN) field of the X.509 certificate, which allows
 man-in-the-middle attackers to spoof SSL servers via an arbitrary valid
 certificate.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_not-yet-commons-ssl:
upstream_not-yet-commons-ssl: released (0.3.15-1)
lucid_not-yet-commons-ssl: DNE
precise_not-yet-commons-ssl: DNE
precise/esm_not-yet-commons-ssl: DNE
trusty_not-yet-commons-ssl: DNE
trusty/esm_not-yet-commons-ssl: DNE
utopic_not-yet-commons-ssl: ignored (reached end-of-life)
vivid_not-yet-commons-ssl: ignored (reached end-of-life)
vivid/stable-phone-overlay_not-yet-commons-ssl: DNE
vivid/ubuntu-core_not-yet-commons-ssl: DNE
wily_not-yet-commons-ssl: ignored (reached end-of-life)
xenial_not-yet-commons-ssl: not-affected (0.3.15-1)
yakkety_not-yet-commons-ssl: ignored (reached end-of-life)
zesty_not-yet-commons-ssl: ignored (reached end-of-life)
artful_not-yet-commons-ssl: ignored (reached end-of-life)
bionic_not-yet-commons-ssl: DNE
cosmic_not-yet-commons-ssl: DNE
devel_not-yet-commons-ssl: DNE