Red Hat Bugzilla – Bug 1308851
CVE-2016-2402 okhttp: certificate pining bypass
Last modified: 2016-02-29 17:23:22 EST
A vulnerability was discovered in OkHttp that allows an attacker to bypass
certificate pinning. OkHttp did not validate that the pinned certificate
was in the chain to a trusted certificate authority.
Created okhttp tracking bugs for this issue:
Affects: fedora-all [bug 1308853]
okhttp-2.7.4-1.fc23, okio-1.6.0-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.