forwarded 572960 libes...@stafford.uklinux.net
tags 572960 upstream
thanks

Brian,

I've had this bug [1] filed and given a grave status as it relates to NULL bytes in the commonNames of certificates. I've not tried to dig into it myself as I'm not that familiar with it but was merely forwarding it on to you to look into. This has been assigned CVE-2010-1192 and shows vulnerable in every version of libESMTP that is within the Debian mirrors (1.0.3 and 1.0.4).

Regards,
Jeremy

1. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572960

On 05/28/2010 01:45 AM, Salvatore Bonaccorso wrote:
> Hi all
>
> On Fri, May 28, 2010 at 03:29:42AM +0200, Alexander Sack wrote:
>> Any update on this security issue?
>
> There was an ongoing discussion about that, in [1] still. RedHat
> Bugtracker has two proposed patches too [2,3,4].
>
> [1] http://thread.gmane.org/gmane.comp.security.oss.general/2637
> [2] https://bugzilla.redhat.com/attachment.cgi?id=399130&action=diff
> [3] https://bugzilla.redhat.com/attachment.cgi?id=399131&action=diff
> [4] https://bugzilla.redhat.com/show_bug.cgi?id=571817
>
> Some comments on this?
>
> Bests
> Salvatore