Bug#541439: CVE-2009-2730: does not properly handle a '\0' character
giuseppe at iuculano.it
Fri Aug 14 08:39:08 UTC 2009
The following CVE (Common Vulnerabilities & Exposures) id was
published for gnutls26.
| libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0'
| character in a domain name in the subject's (1) Common Name (CN) or
| (2) Subject Alternative Name (SAN) field of an X.509 certificate,
| which allows man-in-the-middle attackers to spoof arbitrary SSL
| servers via a crafted certificate issued by a legitimate Certification
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
Could you check if gnutls13 is affected please?
For further information see:
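Added example, not part of the original message and not GnuTLS code: a minimal C sketch of the flaw class the CVE text describes, with a C-string comparison beside a length-aware one. The `cert_name` type, the function names and the sample names are assumptions made for illustration; wildcard matching is left out.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* A certificate name as decoded from ASN.1: bytes plus explicit length.
 * Hypothetical type for this example, not a GnuTLS structure. */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Flawed: treats the field as a C string, so the comparison stops at the
 * first '\0' and the bytes after it are never examined. */
int match_cstring(const struct cert_name *n, const char *host)
{
    return strcasecmp((const char *)n->data, host) == 0;
}

/* Length-aware: reject any name containing '\0', then require the full
 * decoded length to equal the hostname length before comparing. */
int match_checked(const struct cert_name *n, const char *host)
{
    if (memchr(n->data, '\0', n->len) != NULL)
        return 0;
    if (n->len != strlen(host))
        return 0;
    return strncasecmp((const char *)n->data, host, n->len) == 0;
}

/* Constructed sample values (the arrays keep the literal's trailing NUL,
 * which is what lets the flawed version run at all). */
static const unsigned char embedded_nul[] = "trusted.example\0.other.example";
static const unsigned char plain[] = "trusted.example";

const struct cert_name NAME_WITH_NUL = { embedded_nul, sizeof embedded_nul - 1 };
const struct cert_name NAME_PLAIN = { plain, sizeof plain - 1 };

int main(void)
{
    const char *host = "trusted.example";
    printf("name with NUL: cstring=%d checked=%d\n",
           match_cstring(&NAME_WITH_NUL, host), match_checked(&NAME_WITH_NUL, host));
    printf("plain name:    cstring=%d checked=%d\n",
           match_cstring(&NAME_PLAIN, host), match_checked(&NAME_PLAIN, host));
    return 0;
}
```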