HGKeeper

Add an alias for /development/wiki/GetABacktrace to the debugging page
default tip
2 weeks ago, Gary Kramlich

1f078d295019

Add an alias for /development/wiki/GetABacktrace to the debugging page

Testing Done:
Ran `npm hugo:server` and verified that `/development/wiki/GetABacktrace` redirected to `/development/debugging'

Reviewed at https://reviews.imfreedom.org/r/3029/

---

title: cve-2014-3694-00

date: 2014-10-22T00:00:00.000Z

cveNumber: cve-2014-3694

summary: Insufficient SSL certificate validation

discoveredBy: |

An anonymous person and Jacob Appelbaum of the Tor Project, with thanks to

Moxie Marlinspike for first publishing about this type of vulnerability

fixedInRelease: 2.10.10

type: security

layout: cve

hidden: true

---

### Description

Both of libpurple's bundled SSL/TLS plugins (one for GnuTLS and one for NSS)

failed to check that the Basic Constraints extension allowed intermediate

certificates to act as CAs. This allowed anyone with any valid certificate to

create a fake certificate for any arbitrary domain and Pidgin would trust it.

### Mitigation

Both bundled plugins were changed to check the Basic Constraints extension on

all intermediate CA certificates.

pidgin/nest