Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 20 Aug 2014 12:27:02 -0400 (EDT)
From: Arun Babu Neelicattu <abn@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: Multiple issues in com.ning:async-http-client

Hi,

We noticed these issues were filed upstream and were never assigned 
CVE(s). Can we please get CVE(s) assigned to the following issues 
please?

1. async-http-client: SSL/TLS certificate verification disabled
https://github.com/AsyncHttpClient/async-http-client/issues/352

2. async-http-client: No SSL HostName verification
https://github.com/AsyncHttpClient/async-http-client/issues/197

Cheers,
Arun
-- 
Arun Neelicattu / Red Hat Product Security
PGP: 0xC244393B 5229 F596 474F 00A1 E416  CF8B 36F5 5054 C244 393B

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ