Fri, 30 Aug 2024 19:33:36 -0500
Update the plugins page for the new process
This includes defining the process and providing a template for a new issue to
add new plugins. I did go through and audit `No IRC /WHO` so we had at least
one validated entry.
Testing Done:
Ran `npm run hugo:server` locally and verified the page worked and checked the new links.
Bugs closed: NEST-53
Reviewed at https://reviews.imfreedom.org/r/3450/
---
title: cve-2014-3694-00
date: 2014-10-22T00:00:00.000Z
cveNumber: cve-2014-3694
summary: Insufficient SSL certificate validation
discoveredBy: |
  An anonymous person and Jacob Appelbaum of the Tor Project, with thanks to
  Moxie Marlinspike for first publishing about this type of vulnerability
fixedInRelease: 2.10.10
type: security
layout: cve
hidden: true
---

### Description

Both of libpurple's bundled SSL/TLS plugins (one for GnuTLS and one for NSS) failed to check that the Basic Constraints extension allowed intermediate certificates to act as CAs. This allowed anyone with any valid certificate to create a fake certificate for any arbitrary domain and Pidgin would trust it.

### Mitigation

Both bundled plugins were changed to check the Basic Constraints extension on all intermediate CA certificates.
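
The Basic Constraints check described under Mitigation, modelled as an added example that is not code from libpurple, GnuTLS or NSS: `struct cert`, `first_bad_issuer` and the sample chains are hypothetical, and the certificates are represented by already-parsed fields rather than DER. The `pathLenConstraint` test goes one step beyond what the page describes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Parsed view of the fields this check needs (hypothetical struct, not a
 * libpurple, GnuTLS or NSS type). */
struct cert {
    const char *subject;
    bool has_basic_constraints; /* extension present at all */
    bool is_ca;                 /* cA flag inside the extension */
    int path_len;               /* pathLenConstraint, -1 if absent */
};

/* chain[0] is the end-entity certificate; chain[i + 1] issued chain[i].
 * Returns the index of the first issuer that is not a permitted CA, or -1.
 * Signature, validity and hostname checks are out of scope here. */
int first_bad_issuer(const struct cert *chain, size_t n)
{
    for (size_t i = 1; i < n; i++) {
        const struct cert *c = &chain[i];
        if (!c->has_basic_constraints || !c->is_ca)
            return (int)i;              /* not a CA: must not issue */
        /* i - 1 CA certificates sit between this issuer and the leaf */
        if (c->path_len >= 0 && (size_t)c->path_len < i - 1)
            return (int)i;
    }
    return -1;
}

/* Constructed sample chains (names are illustrative). */
const struct cert good_chain[] = {
    { "CN=chat.example.org",   true, false, -1 },
    { "CN=Example Issuing CA", true, true,   0 },
    { "CN=Example Root CA",    true, true,  -1 },
};
/* An ordinary server certificate sitting in the issuer position. */
const struct cert forged_chain[] = {
    { "CN=chat.example.org",   true, false, -1 },
    { "CN=other.example.net",  true, false, -1 },
    { "CN=Example Issuing CA", true, true,   0 },
    { "CN=Example Root CA",    true, true,  -1 },
};

int main(void)
{
    printf("good: %d\n", first_bad_issuer(good_chain, 3));
    printf("forged: %d\n", first_bad_issuer(forged_chain, 4));
    return 0;
}
```

A validator that skips this loop accepts `forged_chain` because every signature in it is genuine; only the issuer's missing CA permission marks it as invalid.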