tech-pkg archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Recent stunnel vulnerability too general
Hi,
audit-packages(8) has an entry for an stunnel vulnerability
stunnel<4.24 accepts-revoked-ocsp-cert \
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2420
which should be restricted to v4.16 .. v4.23, since it concerns OCSP
functionality that e.g. wip/stunnel3 does not have.
hauke
--
The ASCII Ribbon Campaign Hauke Fath
() No HTML/RTF in email Institut für Nachrichtentechnik
/\ No Word docs in email TU Darmstadt
Respect for open standards Ruf +49-6151-16-3281
Home |
Main Index |
Thread Index |
Old Index