oss-sec mailing list archives
CVE request: perl-IO-Socket-SSL certificate hostname compare bug
From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Fri, 28 Aug 2009 09:20:22 +0200
Hi, IO-Socket-SSL was released a while ago with a security fix: http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.30/Changes v1.26 2009.07.03 - SECURITY BUGFIX! fix Bug in verify_hostname_of_cert where it matched only the prefix for the hostname when no wildcard was given, e.g. www.example.org matched against a certificate with name www.exam in it Thanks to MLEHMANN for reporting cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Current thread:
- CVE request: perl-IO-Socket-SSL certificate hostname compare bug Ludwig Nussel (Aug 28)
- Re: CVE request: perl-IO-Socket-SSL certificate hostname compare bug Steffen Ullrich (Aug 29)
- Re: Re: CVE request: perl-IO-Socket-SSL certificate hostname compare bug Tomas Hoger (Aug 31)
- Re: Re: CVE request: perl-IO-Socket-SSL certificate hostname compare bug Steffen Ullrich (Aug 31)
- Re: Re: CVE request: perl-IO-Socket-SSL certificate hostname compare bug Tomas Hoger (Aug 31)
- Re: Re: CVE request: perl-IO-Socket-SSL certificate hostname compare bug Steffen Ullrich (Aug 31)
- Re: Re: CVE request: perl-IO-Socket-SSL certificate hostname compare bug Tomas Hoger (Aug 31)
- Re: CVE request: perl-IO-Socket-SSL certificate hostname compare bug Steffen Ullrich (Aug 29)