File _patchinfo of Package patchinfo.254

<patchinfo incident="gnutls">
  <packager>lijews</packager>
  <issue tracker="cve" id="CVE-2013-1619"></issue>
  <issue tracker="cve" id="CVE-2014-0092"></issue>
  <issue tracker="bnc" id="865804">VUL-0: CVE-2014-0092: gnutls: insufficient X.509 certificate verification</issue>
  <category>security</category>
  <rating>critical</rating>
  <summary>gnutls: security update</summary>
  <description>The gnutls library was updated to fix SSL certificate validation. Remote man-in-the-middle attackers were able to make the verification believe that a SSL certificate is valid even though it was not.
Also the TLS-CBC timing attack vulnerability was fixed.</description>
</patchinfo>