[3.2] gnutls: Incorrect certificate validation when using OCSP responses (CVE-2016-7444)
It was found an issue in certificate validation using OCSP responses
caused by
not verifying the serial length, which can falsely report a certificate
as valid.
Reference:
https://www.gnutls.org/security.html
Patch:
https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9
(from redmine: issue id 6232, created on 2016-09-28, closed on 2016-10-25)
- Relations:
- parent #6229 (closed)
- Changesets:
- Revision 3c67fa35 on 2016-10-19T08:51:59Z:
main/gnutls: security fix (CVE-2016-7444). Fixes #6232