Hi,
Am Sonntag, den 20.01.2013, 17:21 +0100 schrieb Vincent Hanquez:
On Sun, Jan 20, 2013 at 11:01:22AM +0100, Joachim Breitner wrote:
Debian ships tls-extras 0.4.6 in what will become wheezy, and due to the
freeze upgrading to a new major upstream release is not acceptable.
Would it
On Sun, Jan 20, 2013 at 08:27:07PM +0100, Alexander Kjeldaas wrote:
Regarding testing, it looks like the Tests directory hasn't been updated to
cover this bug. What would really give confidence is a set of tests
encoding fixed security vulnerabilities in OpenSSL (and similar libraries).
That
Hi,
Am Sonntag, den 20.01.2013, 06:50 +0100 schrieb Vincent Hanquez:
this is a security advisory for tls-extra 0.6.1 which are all vulnerable to
bad
certificate validation.
Some part of the certificate validation procedure were missing (relying on the
work-in-progress x509 v3
On Sun, Jan 20, 2013 at 11:01:22AM +0100, Joachim Breitner wrote:
Debian ships tls-extras 0.4.6 in what will become wheezy, and due to the
freeze upgrading to a new major upstream release is not acceptable.
Would it be possible for you to create a 0.4.6.1 with this bugfix
included?
(wow,
On Sun, Jan 20, 2013 at 6:50 AM, Vincent Hanquez t...@snarc.org wrote:
Hi cafe,
this is a security advisory for tls-extra 0.6.1 which are all vulnerable
to bad
certificate validation.
Some part of the certificate validation procedure were missing (relying on
the
work-in-progress x509 v3
Hi cafe,
this is a security advisory for tls-extra 0.6.1 which are all vulnerable to
bad
certificate validation.
Some part of the certificate validation procedure were missing (relying on the
work-in-progress x509 v3 extensions), and because of this anyone with a correct
end-entity certificate