Name of the Vulnerable Software and Affected Versions Gentoo Portage version 2.1.12

Description The issue concerns the urlopen function in Gentoo Portage, which fails to verify X.509 certificates from SSL servers when using HTTPS. This allows man-in-the-middle attackers to spoof servers and modify binary package lists by using a crafted certificate.

Recommendations For Gentoo Portage version 2.1.12, consider disabling the urlopen function until a patch is available, or apply configuration changes to enforce certificate verification for HTTPS connections.