oss-sec mailing list archives

Re: CVE Request: libesmtp does not check NULL bytes in commonName

From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Tue, 16 Mar 2010 14:28:49 +0100

Brian Stafford wrote:

Ludwig Nussel wrote:

Brian Stafford wrote:

I think the best approach is to apply Pawel's patch as this is the


I must have missed that patch. Could you re-post it?

It's available at https://bugzilla.redhat.com/attachment.cgi?id=399131


Doesn't that lack a null byte check for subjAltNames?

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

Current thread:

Re: CVE Request: libesmtp does not check NULL bytes in commonName, (continued)
- - Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 10)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 10)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 11)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 11)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 11)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 11)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 15)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Peter Sylvester (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 17)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 17)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 17)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 17)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 17)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 17)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Joe Orton (Mar 16)

(Thread continues...)