Candidate: CVE-2020-35733
PublicDate: 2021-01-15 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35733
 https://erlang.org/pipermail/erlang-questions/2021-January/100357.html
Description:
 An issue was discovered in Erlang/OTP before 23.2.2. The ssl application
 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted
 root Certification Authority.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980199
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]


Patches_erlang:
upstream_erlang: released (1:23.2.2+dfsg-1)
precise/esm_erlang: DNE
trusty_erlang: ignored (out of standard support)
trusty/esm_erlang: not-affected (1:16.b.3-dfsg-1ubuntu2)
xenial_erlang: not-affected (1:18.3-dfsg-1ubuntu3)
esm-infra/xenial_erlang: not-affected (1:18.3-dfsg-1ubuntu3)
bionic_erlang: not-affected (1:20.2.2+dfsg-1ubuntu2)
focal_erlang: not-affected (1:22.2.7+dfsg-1)
groovy_erlang: not-affected (1:23.0.3+dfsg-1ubuntu1)
devel_erlang: not-affected (1:23.2.2+dfsg-1)