Re: Recent stunnel vulnerability too general

To: Hauke Fath <hf%spg.tu-darmstadt.de@localhost>
Subject: Re: Recent stunnel vulnerability too general
From: Tobias Nygren <tnn%NetBSD.org@localhost>
Date: Mon, 14 Jul 2008 13:19:45 +0200

On Mon, 14 Jul 2008 11:28:44 +0200
Hauke Fath <hf%spg.tu-darmstadt.de@localhost> wrote:

> audit-packages(8) has an entry for an stunnel vulnerability
> 
> stunnel<4.24  accepts-revoked-ocsp-cert \
>       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2420
> 
> which should be restricted to v4.16 .. v4.23, since it concerns OCSP 
> functionality that e.g. wip/stunnel3 does not have.

Fixed, thanks.

-Tobias

References:
- Recent stunnel vulnerability too general
  - From: Hauke Fath

Prev by Date: Recent stunnel vulnerability too general
Next by Date: p5-* modules and DEPEND for tests
Previous by Thread: Recent stunnel vulnerability too general
Next by Thread: p5-* modules and DEPEND for tests
Indexes:

Home | Main Index | Thread Index | Old Index