Your submission was sent successfully! Close

CVE-2014-8155

Published: 31 December 2014

GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.

Priority

Low

Status

Package Release Status
gnutls26
Launchpad, Ubuntu, Debian
lucid
Released (2.8.5-2ubuntu0.7)
precise Not vulnerable
(2.12.14-5ubuntu3.8)
trusty Not vulnerable

upstream
Released (2.9.10-1)
utopic Not vulnerable

gnutls28
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Not vulnerable
(3.0.11-1ubuntu2)
trusty Does not exist
(trusty was not-affected)
upstream Not vulnerable

utopic Not vulnerable