oss-sec mailing list archives

Re: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass

From: "Matthias Andree" <matthias.andree () gmx de>
Date: Thu, 06 Aug 2009 02:19:31 +0200

Am 05.08.2009, 20:13 Uhr, schrieb Steven M. Christey<coley () linus mitre org>:

So use CVE-2009-2666 for fetchmail (I'll fill it in later) and Tomas,even if it results in dozens of CVEs, I suspect this is how we should go.


Thank you.

http://www.fetchmail.info/fetchmail-SA-2009-01.txt

--
Matthias Andree

Current thread:

CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Matthias Andree (Aug 05)
- Re: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Tomas Hoger (Aug 05)
  - Re: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Matthias Andree (Aug 05)
    - Re: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Steven M. Christey (Aug 05)
    - Re: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Tomas Hoger (Aug 05)
    - Re: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Matthias Andree (Aug 05)
    - Re: "umbrella" CVE names (was: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass) Matthias Andree (Aug 21)
    - Re: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Tomas Hoger (Aug 05)
  - Re: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Henri Salo (Aug 05)