Bug#572960: #572960 - libesmtp does not check NULL bytes in commonNames of certificates

2010-07-11 Thread Jeremy T. Bouse
forwarded 572960 libes...@stafford.uklinux.net
tags 572960 upstream
thanks

Brian,

I've had this bug [1] filed and given a grave status as it relates to
NULL bytes in the commonNames of certificates. I've not tried to dig
into it myself as I'm not that familiar with it but was merely
forwarding it on to you to look into. This has been assigned
CVE-2010-1192 and shows vulnerable in every version of libESMTP that is
within the Debian mirrors (1.0.3 and 1.0.4).

Regards,
Jeremy

1. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572960

On 05/28/2010 01:45 AM, Salvatore Bonaccorso wrote:
> Hi all
>
> On Fri, May 28, 2010 at 03:29:42AM +0200, Alexander Sack wrote:
>> Any update on this security issue?
>
> There was an ongoing discussion about that, in [1] still. RedHat
> Bugtracker has two proposed patches too [2,3,4].
>
>  [1] http://thread.gmane.org/gmane.comp.security.oss.general/2637
>  [2] https://bugzilla.redhat.com/attachment.cgi?id=399130&action=diff
>  [3] https://bugzilla.redhat.com/attachment.cgi?id=399131&action=diff
>  [4] https://bugzilla.redhat.com/show_bug.cgi?id=571817
>
> Some comments on this?
>
> Bests
> Salvatore






Bug#572960: #572960 - libesmtp does not check NULL bytes in commonNames of certificates

2010-05-27 Thread Alexander Sack
Any update on this security issue?

 - Alexander







Bug#572960: #572960 - libesmtp does not check NULL bytes in commonNames of certificates

2010-05-27 Thread Salvatore Bonaccorso
Hi all

On Fri, May 28, 2010 at 03:29:42AM +0200, Alexander Sack wrote:
> Any update on this security issue?

There was an ongoing discussion about that, in [1] still. RedHat
Bugtracker has two proposed patches too [2,3,4].

 [1] http://thread.gmane.org/gmane.comp.security.oss.general/2637
 [2] https://bugzilla.redhat.com/attachment.cgi?id=399130&action=diff
 [3] https://bugzilla.redhat.com/attachment.cgi?id=399131&action=diff
 [4] https://bugzilla.redhat.com/show_bug.cgi?id=571817

Some comments on this?

Bests
Salvatore
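
For reference on the defect this thread tracks (NUL bytes in a certificate commonName not being checked), here is an added example of the check. It is not libESMTP code and not either of the proposed patches linked above. The function names and sample names are hypothetical, the CN is assumed to arrive as decoded bytes plus an explicit length, and only exact-name matching is covered.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Unchecked form: treats the CN bytes as a C string, so the comparison
 * stops at the first NUL and whatever follows it is silently ignored. */
int cn_matches_naive(const unsigned char *cn, size_t cn_len, const char *host)
{
    (void)cn_len;                 /* the decoded length is never consulted */
    return strcasecmp((const char *)cn, host) == 0;
}

/* Checked form: a CN containing a NUL byte anywhere inside its decoded
 * length is refused before any comparison takes place. */
int cn_matches_checked(const unsigned char *cn, size_t cn_len, const char *host)
{
    if (cn == NULL || host == NULL || cn_len == 0)
        return 0;
    if (memchr(cn, '\0', cn_len) != NULL)
        return 0;                 /* embedded NUL: reject the certificate name */
    if (cn_len != strlen(host))
        return 0;                 /* lengths must agree for an exact match */
    return strncasecmp((const char *)cn, host, cn_len) == 0;
}

/* Constructed sample values (not taken from any real certificate). */
static const unsigned char CN_PLAIN[]    = "mail.example.org";
static const unsigned char CN_WITH_NUL[] = "mail.example.org\0.example.net";
#define CN_LEN(a) (sizeof(a) - 1) /* drop the literal's trailing terminator */

int main(void)
{
    const char *host = "mail.example.org";
    printf("plain CN,    naive:   %d\n",
           cn_matches_naive(CN_PLAIN, CN_LEN(CN_PLAIN), host));
    printf("plain CN,    checked: %d\n",
           cn_matches_checked(CN_PLAIN, CN_LEN(CN_PLAIN), host));
    printf("CN with NUL, naive:   %d\n",
           cn_matches_naive(CN_WITH_NUL, CN_LEN(CN_WITH_NUL), host));
    printf("CN with NUL, checked: %d\n",
           cn_matches_checked(CN_WITH_NUL, CN_LEN(CN_WITH_NUL), host));
    return 0;
}
```
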

