Re: More CVE-2009-2408 like issues

[Tomas Hoger <thoger () redhat com>]

On Wed, 23 Sep 2009 11:05:17 +0200 Tomas Hoger <thoger () redhat com>
wrote:

> On Thu, 3 Sep 2009 16:45:47 +0200 Tomas Hoger <thoger () redhat com>
> wrote:
>
> > wget - bunch of relevant links are available in here:
> >   https://bugzilla.redhat.com/show_bug.cgi?id=520454
>
> Fixed now in upstream version 1.12:
>   http://permalink.gmane.org/gmane.comp.web.wget.general/8972
>
> This and other mentioned in my previous mail (mutt 1.5.19+, possibly
> pre-1.5.19 too, but many are likely to wontfix that; OpenLDAP with
> openssl) should probably get CVE.

For posterity:
- wget got CVE-2009-3490
- mutt CVE-2009-2408-like issue got CVE-2009-3765
- mutt missing name checks in pre-1.5.19 got CVE-2009-3766 (only 1.5.16
  is mentioned in the CVE description atm)
- openldap got CVE-2009-3767

-- 
Tomas Hoger / Red Hat Security Response Team