SoylentNews

FuckBeta [soylentnews.org] writes:

GnuTLS certificate verification vulnerability announced [gnutls.org] (CVE-2014-0092)

"It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker."

What uses GNU TLS?
    git
    emacs + email/nntp
    wget
    vlc
    network-manager
    mutt
    empathy
    and many more (including libcurl3-gnutls — however just because a package links to gnutls does not mean it is definitely affected by this vulnerability)

---

Original Submission