Hi Michal, hi Luis
On Mon, Apr 22, 2013 at 08:44:25PM +0200, Michal Trojnara wrote:
> On 2013-04-22 20:02, Salvatore Bonaccorso wrote:
> > Unfortunately stunnel4 package cannot be updated to latest upstream
> > version due to the freeze and wheezy beeing relased very soon. So the
> > version based
On 2013-04-22 20:02, Salvatore Bonaccorso wrote:
> Unfortunately stunnel4 package cannot be updated to latest upstream
> version due to the freeze and wheezy beeing relased very soon. So the
> version based on 4.53 needs to be patched.
I think the patch correctly addresses this specific security is
Thank you very very much for this, Salvatore.
Please prepare the NMU, but hold off on it for upstream's opinion. Also, please
try to engage the security team. Unless you're part of it, of course ;-)
On Apr 22, 2013, at 11:02 AM, Salvatore Bonaccorso wrote:
> Control: tags 702267 + patch
>
> Hi
Control: tags 702267 + patch
Hi Michal
On Thu, Apr 18, 2013 at 08:35:10AM +0200, Michal Trojnara wrote:
> This is a security vulnerability that may result in remote code
> execution. It should be fixed immediately.
>
> Current stunnel Debian package is based on stunnel 4.53. This upstream
> ve
Processing control commands:
> tags 702267 + patch
Bug #702267 [stunnel] stunnel: CVE-2013-1762 buffer overflow in TLM
authentication of the CONNECT protocol negotiation
Added tag(s) patch.
--
702267: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702267
Debian Bug Tracking System
Contact ow.
Hi,
This is a security vulnerability that may result in remote code
execution. It should be fixed immediately.
Current stunnel Debian package is based on stunnel 4.53. This upstream
version is over a year old.
Please update the package to stunnel 4.56. This version seems to be
very stable.
B
6 matches
Mail list logo
