oss-sec mailing list archives
Re: More CVE-2009-2408 like issues
From: Tomas Hoger <thoger () redhat com>
Date: Mon, 26 Oct 2009 14:52:36 +0100
On Wed, 23 Sep 2009 11:05:17 +0200 Tomas Hoger <thoger () redhat com> wrote:
On Thu, 3 Sep 2009 16:45:47 +0200 Tomas Hoger <thoger () redhat com> wrote:wget - bunch of relevant links are available in here: https://bugzilla.redhat.com/show_bug.cgi?id=520454Fixed now in upstream version 1.12: http://permalink.gmane.org/gmane.comp.web.wget.general/8972 This and other mentioned in my previous mail (mutt 1.5.19+, possibly pre-1.5.19 too, but many are likely to wontfix that; OpenLDAP with openssl) should probably get CVE.
For posterity: - wget got CVE-2009-3490 - mutt CVE-2009-2408-like issue got CVE-2009-3765 - mutt missing name checks in pre-1.5.19 got CVE-2009-3766 (only 1.5.16 is mentioned in the CVE description atm) - openldap got CVE-2009-3767 -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- Re: More CVE-2009-2408 like issues Tomas Hoger (Oct 26)