HGKeeper

Fix the date on the 2023 Q3 state of the bird
default tip
3 weeks ago, Gary Kramlich

4a261d8e9db1

Fix the date on the 2023 Q3 state of the bird

Testing Done:
Eyeball tests.

Reviewed at https://reviews.imfreedom.org/r/2791/

---

title: cve-2014-3694-00

date: 2014-10-22T00:00:00.000Z

cveNumber: cve-2014-3694

summary: Insufficient SSL certificate validation

discoveredBy: |

An anonymous person and Jacob Appelbaum of the Tor Project, with thanks to

Moxie Marlinspike for first publishing about this type of vulnerability

fixedInRelease: 2.10.10

type: security

layout: cve

hidden: true

---

### Description

Both of libpurple's bundled SSL/TLS plugins (one for GnuTLS and one for NSS)

failed to check that the Basic Constraints extension allowed intermediate

certificates to act as CAs. This allowed anyone with any valid certificate to

create a fake certificate for any arbitrary domain and Pidgin would trust it.

### Mitigation

Both bundled plugins were changed to check the Basic Constraints extension on

all intermediate CA certificates.