[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Thu, Mar 06, 2014 at 07:08:13PM +0000, Mark Evans wrote: > Whilst the headline says "Linux" the article is about GnuTLS which > isn't specific to Linux. It also says a "similar error" to the IOS/OSX > one recently revealed. Not impossible that these are the same issue. If > the Apple and GNU code share history or developers. They are different issues. It's just a big coincidence that they both revolved around incorrect 'goto' statements in the C source code and that they both meant that SSL/TLS certificates weren't verified. See: http://threatpost.com/goto-aside-gnutls-and-apple-bugs-are-not-the-same/104626 Apart from the fact that apparently people didn't read the source code as much as they should (or as wel assume they do), what I find slightly worrying is that no one had drawn conclusions from not getting certificate errors. Martijn. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq