Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 18 Aug 2009 16:57:01 +0100
From: Joe Orton <>
Subject: neon 0.28.6 - CVE-2009-2473, CVE-2009-2474

neon 0.28.6 has been released today with two security fixes:

* SECURITY (CVE-2009-2473): Fix "billion laughs" attack against expat;
  could allow a Denial of Service attack by a malicious server.
* SECURITY (CVE-2009-2474): Fix handling of an embedded NUL byte in
  a certificate subject name with OpenSSL; could allow an undetected
  MITM attack against an SSL server if a trusted CA issues such a cert.

For more information:

Regards, Joe

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.