Ubuntu has issued an advisory on November 29:
Updated package uploaded for Cauldron.
Patched package uploaded for Mageia 1 and Mageia 2.
Updated lynx package fixes security vulnerability:
Lynx does not verify that the server's certificate is signed by a trusted
certification authority, which allows man-in-the-middle attackers to spoof
SSL servers via a crafted certificate, related to improper use of a certain
GnuTLS function (CVE-2012-5821).
Updated packages in core/updates_testing:
No PoC so just checking lynx with https
Testing complete mga2 32 & 64
Tested with properly signed and self signed https
MGA1TOO mga2-32-OK mga2-64-OK
Testing complete mga1 32 & 64 same way
Advisory and srpms for mga1 & 2 in comment 0
Could sysadmin please push from core/updates_testing to core/updates
MGA1TOO mga2-32-OK mga2-64-OK =>
MGA1TOO mga2-32-OK mga2-64-OK mga1-32-OK mga1-64-OK