{
  "schema_version": "1.7.0",
  "id": "MGASA-2014-0551",
  "published": "2014-12-26T17:04:58Z",
  "modified": "2014-12-26T16:56:37Z",
  "summary": "Updated not-yet-commons-ssl packages fix CVE-2014-3604",
  "details": "Updated not-yet-commons-ssl packages fix a security vulnerability:\n\nIt was discovered that the implementation used by the Not Yet Commons SSL\nproject to check that the server hostname matches the domain name in the\nsubject's CN field was flawed. This can be exploited in a man-in-the-middle\n(MITM) attack, where the attacker can spoof a valid certificate using a\nspecially crafted subject (CVE-2014-3604).\n",
  "upstream": [
    "CVE-2014-3604"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2014-0551.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=14175"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138550.html"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "not-yet-commons-ssl",
        "purl": "pkg:rpm/mageia/not-yet-commons-ssl?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.15-1.mga4"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}
