Your message dated Sat, 31 Jan 2015 10:49:24 -0500
with message-id <20150131154924.ga9...@aerie.jexium-island.net>
and subject line re: #752610 lynx: Can connect to CVE-2014-0092 test site
has caused the Debian Bug report #752610,
regarding lynx: Can connect to CVE-2014-0092 test site
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
752610: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752610
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: lynx-cur, libgnutls26
Severity: serious
Tags: security
Hi,
There is a test site for checking the gnutls bug:
https://gnutls.notary.icsi.berkeley.edu/
I can connect to it and get the message:
If you see this without getting a certificate error you are
vulnerable against the GnuTLS bug
I can reproduce this with the following combinations:
stable:
ii libgnutls26:amd64 2.12.20-8+deb7u2
ii lynx-cur 2.8.8dev.12-2
And testing:
ii libgnutls26:amd64 2.12.23-16
ii lynx-cur 2.8.8pre5-1
Using gnutls-bin gnutls-bin 3.0.22-3+really2.12.20-8+deb7u2 I also
get:
$ gnutls-cli -p 443 gnutls.notary.icsi.berkeley.edu --x509cafile
/etc/ssl/certs/ca-certificates.crt
Processed 159 CA certificate(s).
Resolving 'gnutls.notary.icsi.berkeley.edu'...
Connecting to '192.150.187.13:443'...
*** Verifying server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.
While with 3.3.2-2 I get:
$ gnutls-cli -p 443 gnutls.notary.icsi.berkeley.edu --x509cafile
/etc/ssl/certs/ca-certificates.crt
Processed 168 CA certificate(s).
Resolving 'gnutls.notary.icsi.berkeley.edu'...
Connecting to '192.150.187.13:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `CN=gnutls.notary.icsi.berkeley.edu,OU=ICSI GnuTLS Crt,O=ICSI GnuTLS
Test Cert.', issuer `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\,
Inc.,OU=http://certificates.godaddy.com/repository,CN=Go Daddy Secure
Certification Authority,serialNumber=07969287', RSA key 2048 bits, signed using
RSA-SHA1, activated `2010-08-28 14:51:35 UTC', expires `2015-08-28 14:51:35
UTC', SHA-1 fingerprint `b20c942cd0dd72cd5a02b697ba6862064727f3d9'
Public Key ID:
c9952718d6b2c42cd432b9d8c0f0730ab3286c9d
Public key's random art:
+--[ RSA 2048]----+
| .o ..=o. |
| .o =.*o.. |
| o o+.*.o+ . |
|...+o+o..o o |
|oo.E. S |
|o |
| |
| |
| |
+-----------------+
- Certificate[1] info:
- subject `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\,
Inc.,OU=http://certificates.godaddy.com/repository,CN=Go Daddy Secure
Certification Authority,serialNumber=07969287', issuer `C=US,O=The Go Daddy
Group\, Inc.,OU=Go Daddy Class 2 Certification Authority', RSA key 2048 bits,
signed using RSA-SHA1, activated `2006-11-16 01:54:37 UTC', expires `2026-11-16
01:54:37 UTC', SHA-1 fingerprint `7c4656c3061f7f4c0d67b319a855f60ebc11fc44'
- Status: The certificate is NOT trusted. The certificate issuer is not a CA.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.
The 3.3.2-2 version is linked to libgnutls28 of course.
Kurt
--- End Message ---
--- Begin Message ---
The report/discussion appears to be the same as #745835, and I merged them
for that reason. The original report is unreproducible, because the test
site is gone. closing.
--
Thomas E. Dickey <dic...@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
signature.asc
Description: Digital signature
--- End Message ---
