oss-sec mailing list archives
neon 0.28.6 - CVE-2009-2473, CVE-2009-2474
From: Joe Orton <jorton () redhat com>
Date: Tue, 18 Aug 2009 16:57:01 +0100
neon 0.28.6 has been released today with two security fixes:

* SECURITY (CVE-2009-2473): Fix "billion laughs" attack against expat; could allow a Denial of Service attack by a malicious server.

* SECURITY (CVE-2009-2474): Fix handling of an embedded NUL byte in a certificate subject name with OpenSSL; could allow an undetected MITM attack against an SSL server if a trusted CA issues such a cert.

For more information:

http://www.webdav.org/neon/
http://lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html
http://lists.manyfish.co.uk/pipermail/neon/2009-August/001045.html
http://lists.manyfish.co.uk/pipermail/neon/2009-August/001046.html

Regards, Joe
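The embedded-NUL problem behind CVE-2009-2474, as an added example that is not part of the original post and is not neon's or OpenSSL's code: a subject name compared as a C string beside a comparison that uses the ASN.1 length. The `cert_name` type, the function names and the sample names are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical type: a subject name as the ASN.1 layer hands it over,
 * bytes plus explicit length; the bytes may legally contain NUL. */
struct cert_name { const char *data; size_t len; };

static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Weak form: treats the name as a C string (assumes a terminating NUL),
 * so strlen() stops at the first NUL and the rest is never compared. */
int match_cstring(const struct cert_name *cn, const char *hostname)
{
    size_t n = strlen(cn->data);
    return n == strlen(hostname) && eq_nocase(cn->data, hostname, n);
}

/* Hardened form: refuse any name containing NUL, then compare using the
 * ASN.1 length rather than strlen(). */
int match_length_checked(const struct cert_name *cn, const char *hostname)
{
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    return cn->len == strlen(hostname) && eq_nocase(cn->data, hostname, cn->len);
}

/* Constructed sample names, not taken from any real certificate. */
static const char nul_name[] = "www.example.com\0.untrusted.test";
const struct cert_name CN_WITH_NUL = { nul_name, sizeof nul_name - 1 };
const struct cert_name CN_CLEAN = { "www.example.com", 15 };

int main(void)
{
    const char *host = "www.example.com";
    printf("NUL name,   C-string compare:  %d\n", match_cstring(&CN_WITH_NUL, host));
    printf("NUL name,   length-checked:    %d\n", match_length_checked(&CN_WITH_NUL, host));
    printf("clean name, length-checked:    %d\n", match_length_checked(&CN_CLEAN, host));
    return 0;
}
```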