I'm seeing this in the release notes for the latest release of sendmail, plus a
customers
PCI scan is reporting this as a problem. I know many of these scans tend to do version
string checks and don't actually check if the problem is possible to exploit, but I just
wanted your thoughts on if this is something the security team feels it needs
to deal with
or not?
-Phil.
8.14.4/8.14.4 2009/12/30
SECURITY: Handle bogus certificates containing NUL characters
in CNs by placing a string indicating a bad certificate
in the {cn_subject} or {cn_issuer} macro. Patch inspired
by Matthias Andree's changes for fetchmail.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
