I didn't know about this problem with the certificate. Sounds easy to fix, maybe just check certificate signature, and give a warning if mismatch? what do you think?
---------- Forwarded message ---------- From: Jan Lieskovsky <jlies...@redhat.com> Date: Mon, Mar 8, 2010 at 6:31 PM Subject: Regarding aMSN SSL Certificate Validation Security Bypass issue To: "Alvaro J. Iradier Muro" <airad...@users.sourceforge.net> Hi Alvaro, this is due: [1] http://www.juniper.net/security/auto/vulnerabilities/vuln35507.html [2] http://seclists.org/bugtraq/2009/Jun/239 Noticed aMSN 0.98.3 was released today: [3] http://www.amsn-project.net/blog/2010/03/amsn-0-98-3-released/ but i can't see patch for [1] in it, so wanted to check the state of it with you -- is the aMSN upstream planning to address this issue? (Or has it already been addressed and i just overlooked the change?) Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team -- (:=================================:) Alvaro J. Iradier Muro - airad...@gmail.com ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Amsn-devel mailing list Amsn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amsn-devel
