Fix the date on the 2023 Q3 state of the bird
default tip
3 weeks ago, Gary Kramlich
Fix the date on the 2023 Q3 state of the bird

Testing Done:
Eyeball tests.

Reviewed at
title: cve-2014-3694-00
date: 2014-10-22T00:00:00.000Z
cveNumber: cve-2014-3694
summary: Insufficient SSL certificate validation
discoveredBy: |
An anonymous person and Jacob Appelbaum of the Tor Project, with thanks to
Moxie Marlinspike for first publishing about this type of vulnerability
fixedInRelease: 2.10.10
type: security
layout: cve
hidden: true
### Description
Both of libpurple's bundled SSL/TLS plugins (one for GnuTLS and one for NSS)
failed to check that the Basic Constraints extension allowed intermediate
certificates to act as CAs. This allowed anyone with any valid certificate to
create a fake certificate for any arbitrary domain and Pidgin would trust it.
### Mitigation
Both bundled plugins were changed to check the Basic Constraints extension on
all intermediate CA certificates.