On June 28, 2010 at 7:31PM +0200,
jmm (at debian.org) wrote:
> Package: w3m
> Severity: grave
> Tags: security
>
> Hi,
> several applications fail to correct SSL certificates properly
> and w3m is among them:
> http://www.openwall.com/lists/oss-security/2010/06/14/4
>
> This has been assigned CVE-
tags 587445 + patch
thanks
CVE-2010-2074 w3m: doesn't handle NULL in Common Name properly
https://bugzilla.redhat.com/show_bug.cgi?id=604855#c2
> check for null bytes in CN/subjAltName
>
> Patch provided by Ludwig Nussel from the SUSE security team.
--
Regards,
dai
GPG Fingerprint = 0B2
Package: w3m
Severity: grave
Tags: security
Hi,
several applications fail to correct SSL certificates properly
and w3m is among them:
http://www.openwall.com/lists/oss-security/2010/06/14/4
This has been assigned CVE-2010-2074.
The impact of this bug doesn't warrant a DSA, but you can still
fix
3 matches
Mail list logo
