Date: Tue, 18 Aug 2009 16:57:01 +0100
From: Joe Orton <jorton@...hat.com>
To: oss-security@...ts.openwall.com
Subject: neon 0.28.6 - CVE-2009-2473, CVE-2009-2474

neon 0.28.6 has been released today with two security fixes:

* SECURITY (CVE-2009-2473): Fix "billion laughs" attack against expat;
  could allow a Denial of Service attack by a malicious server.

* SECURITY (CVE-2009-2474): Fix handling of an embedded NUL byte in a
  certificate subject name with OpenSSL; could allow an undetected MITM
  attack against an SSL server if a trusted CA issues such a cert.

For more information:

http://www.webdav.org/neon/
http://lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html
http://lists.manyfish.co.uk/pipermail/neon/2009-August/001045.html
http://lists.manyfish.co.uk/pipermail/neon/2009-August/001046.html

Regards, Joe
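The class of bug behind CVE-2009-2474, as an added example that is not part of the original message and is not neon's code: a certificate name is a counted byte string, so a hostname check that treats it as a C string stops at the first NUL. The struct, function names and sample names below are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A subject name as a counted string: raw bytes plus explicit length
 * (hypothetical struct, modelled on how ASN.1 strings are stored). */
struct cert_name { const char *data; size_t len; };

/* Case-insensitive comparison of exactly n bytes. */
static int ci_equal(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Flawed: ignores cn->len and uses strlen(), so every byte after an
 * embedded NUL is silently dropped from the comparison. */
static int match_naive(const struct cert_name *cn, const char *hostname)
{
    size_t n = strlen(cn->data);
    return strlen(hostname) == n && ci_equal(cn->data, hostname, n);
}

/* Hardened: reject any name containing a NUL, then compare all cn->len bytes. */
static int match_checked(const struct cert_name *cn, const char *hostname)
{
    if (cn->len == 0 || memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    return strlen(hostname) == cn->len && ci_equal(cn->data, hostname, cn->len);
}

/* Constructed sample names, not taken from any real certificate. */
static const char nul_name[] = "www.example.com\0.other.invalid";
static const struct cert_name embedded = { nul_name, sizeof nul_name - 1 };
static const struct cert_name honest = { "www.example.com", 15 };

int main(void)
{
    printf("naive, embedded NUL:   %d\n", match_naive(&embedded, "www.example.com"));
    printf("checked, embedded NUL: %d\n", match_checked(&embedded, "www.example.com"));
    printf("checked, honest name:  %d\n", match_checked(&honest, "WWW.Example.COM"));
    return 0;
}
```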