portage: certificate verification botch
| Package(s): | portage | CVE #(s): | CVE-2013-2100 | ||||
| Created: | July 10, 2015 | Updated: | July 15, 2015 | ||||
| Description: | From the Gentoo advisory:
Portage does not verify X.509 SSL certificate properly if HTTPS is used. A remote attacker can spoof servers and modify binary package lists via specially crafted certificate. | ||||||
| Alerts: |
| ||||||