oss-sec mailing list archives

Re: CVE Request: apt

From: Josh Bressers <bressers () redhat com>
Date: Thu, 20 Oct 2011 13:09:39 -0400 (EDT)

Please use CVE-2011-3634

Thanks.

-- 
    JB

----- Original Message -----

Hello,

Could a CVE please be assigned to the following issue:

Apt before 0.8.11 incorrectly handles the Verify-Host configuration
option, resulting in a successful connection instead of a
verification
failure when the certificate host name doesn't match.

See:

http://bazaar.launchpad.net/~donkult/apt/sid/revision/2053.1.28
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353


Thanks,

Marc.

Current thread:

CVE Request: apt Marc Deslauriers (Oct 19)
- Re: CVE Request: apt Josh Bressers (Oct 20)