PublicDateAtUSN: 2014-12-31
Candidate: CVE-2014-8155
PublicDate: 2015-08-14 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8155
 https://ubuntu.com/security/notices/USN-2540-1
Description:
 GnuTLS before 2.9.10 does not verify the activation and expiration dates
 of CA certificates, which allows man-in-the-middle attackers to spoof
 servers via a certificate issued by a CA certificate that is (1) not yet
 valid or (2) no longer valid.
Ubuntu-Description:
Notes:
 tyhicks> Fixed upstream in 2.9.10
Bugs:
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:

Patches_gnutls26:
 upstream: https://gitlab.com/gnutls/gnutls/commit/897cbce62c0263a498088ac3e465aa5f05f8719c
upstream_gnutls26: released (2.9.10-1)
lucid_gnutls26: released (2.8.5-2ubuntu0.7)
precise_gnutls26: not-affected (2.12.14-5ubuntu3.8)
trusty_gnutls26: not-affected
trusty/esm_gnutls26: not-affected
utopic_gnutls26: not-affected
devel_gnutls26: not-affected

Patches_gnutls28:
upstream_gnutls28: not-affected
lucid_gnutls28: DNE
precise_gnutls28: not-affected (3.0.11-1ubuntu2)
trusty_gnutls28: not-affected
trusty/esm_gnutls28: DNE (trusty was not-affected)
utopic_gnutls28: not-affected
devel_gnutls28: not-affected