VulnerableCode Package Details - pkg:deb/debian/gnutls26@2.12.20-8%2Bdeb7u5

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4p9b-sbpx-jfdj	security update	CVE-2015-8313
VCID-7e5p-aazx-tffp		CVE-2013-2116
VCID-7svy-v5cp-u3fd	Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services (NSS) where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. This issues exposes NSS based clients such as Firefox to theoretical collision-based forgery attacks. This issue was fixed in NSS version 3.20.2.	CVE-2015-7575
VCID-99hm-5jbk-pyhe		CVE-2015-0282
VCID-jrwh-9nw8-m7fd		CVE-2014-0092
VCID-wb6p-qxqh-7yh3		CVE-2014-3466
VCID-xyrw-13hg-97ba		CVE-2014-1959
VCID-zg6w-4zts-rqbk	GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.	CVE-2015-0294

Vulnerability

Summary

Aliases

VCID-4p9b-sbpx-jfdj

security update

CVE-2015-8313

VCID-7e5p-aazx-tffp

CVE-2013-2116

VCID-7svy-v5cp-u3fd

Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services (NSS) where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. This issues exposes NSS based clients such as Firefox to theoretical collision-based forgery attacks. This issue was fixed in NSS version 3.20.2.

CVE-2015-7575

VCID-99hm-5jbk-pyhe

CVE-2015-0282

VCID-jrwh-9nw8-m7fd

CVE-2014-0092

VCID-wb6p-qxqh-7yh3

CVE-2014-3466

VCID-xyrw-13hg-97ba

CVE-2014-1959

VCID-zg6w-4zts-rqbk

GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.

CVE-2015-0294

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T09:40:41.602302+00:00	Debian Oval Importer	Fixing	VCID-4p9b-sbpx-jfdj	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0
2025-08-01T09:36:39.056331+00:00	Debian Oval Importer	Fixing	VCID-xyrw-13hg-97ba	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0
2025-08-01T09:36:00.676417+00:00	Debian Oval Importer	Fixing	VCID-7svy-v5cp-u3fd	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0
2025-08-01T09:32:41.705916+00:00	Debian Oval Importer	Fixing	VCID-zg6w-4zts-rqbk	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0
2025-08-01T09:32:19.698153+00:00	Debian Oval Importer	Fixing	VCID-99hm-5jbk-pyhe	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0
2025-08-01T09:25:53.435637+00:00	Debian Oval Importer	Fixing	VCID-wb6p-qxqh-7yh3	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0
2025-08-01T09:24:48.196247+00:00	Debian Oval Importer	Fixing	VCID-jrwh-9nw8-m7fd	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0
2025-08-01T09:21:29.229724+00:00	Debian Oval Importer	Fixing	VCID-7e5p-aazx-tffp	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0