From https://bugzilla.redhat.com/show_bug.cgi?id=873262 :
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-5821 to the following vulnerability:
Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function.
References:
[1] http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
[2] https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html
[3] http://www.sigsac.org/ccs/CCS2012/techprogram.shtml
CVE-2012-5821 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5821): Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function.
Arches, please stabilize:
=www-client/lynx-2.8.8_rc1
Target arches: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Stable for HPPA.
amd64 stable
ppc stable
ppc64 stable
alpha stable
x86 stable
sparc stable
arm stable
ia64 stable. Maintainer(s), please cleanup. Security, please vote.
GLSA vote: no
GLSA vote: no
Waiting for cleanup
(In reply to Sergey Popov from comment #13)
> Waiting for cleanup
Done.
Maintainer(s), Thank you for cleanup!