Package: gnutls26
Severity: grave
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) ids were
published for gnutls26.

CVE-2009-1417[0]:
| gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and
| expiration times of X.509 certificates, which allows remote attackers
| to successfully present a certificate that is (1) not yet valid or (2)
| no longer valid, related to lack of time checks in the
| _gnutls_x509_verify_certificate function in lib/x509/verify.c in
| libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.

Note that this is fixed in 2.6.6-1 in unstable.  Please coordinate
with the security team (t...@security.debian.org) to prepare updates
for the stable releases.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1417
    http://security-tracker.debian.net/tracker/CVE-2009-1417


