On 03/05/14 14:18, Heinz Diehl wrote: > On 05.03.2014, Matthew Miller wrote: > >> https://admin.fedoraproject.org/updates/FEDORA-2014-3413/gnutls-3.1.20-4.fc20 >> https://admin.fedoraproject.org/updates/FEDORA-2014-3363/gnutls-3.1.20-4.fc19 > Do they fix the bug? > Well.... The article pointed to by poc states.... GnuTLS developers published this bare-bones advisory that urges all users to upgrade to version 3.2.12. The flaw, formally indexed as CVE-2014-0092, is described by a GnuTLS developer as "an important (and at the same time embarrassing) bug discovered during an audit for Red Hat." Debian's advisory is here. And the links above state.... Bugs Fixed 1069865 - CVE-2014-0092: gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2) 1071795 - CVE-2014-0092: gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2) [fedora-all] So....... -- Getting tired of non-Fedora discussions and self-serving posts -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
