CVE-2014-8155

Priority
Description
GnuTLS before 2.9.10 does not verify the activation and expiration dates of
CA certificates, which allows man-in-the-middle attackers to spoof servers
via a certificate issued by a CA certificate that is (1) not yet valid or
(2) no longer valid.
Assigned-to
mdeslaur
Notes
tyhicksFixed upstream in 2.9.10
Package
Upstream:released (2.9.10-1)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected
Patches:
Upstream:https://gitlab.com/gnutls/gnutls/commit/897cbce62c0263a498088ac3e465aa5f05f8719c
Package
Upstream:not-affected
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected)
More Information

Updated: 2020-09-10 03:12:43 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)