On 09/21/2009 06:51 AM, Alan Buxey wrote:
Hi,
This sounds harmless for most people, I guess, or at least for us, as we
don't use Tunnel-Password. But reading CVE-2009-3111 and looking at the
patch, it seems that this can crash any server just by sending an empty
attribute. That would mean that
Hi,
> This sounds harmless for most people, I guess, or at least for us, as we
> don't use Tunnel-Password. But reading CVE-2009-3111 and looking at the
> patch, it seems that this can crash any server just by sending an empty
> attribute. That would mean that every 1.1.7 installation should upgra
Jakob Hirsch wrote:
> This sounds harmless for most people, I guess, or at least for us, as we
> don't use Tunnel-Password. But reading CVE-2009-3111 and looking at the
> patch, it seems that this can crash any server just by sending an empty
> attribute. That would mean that every 1.1.7 installati
Hi,
Alan DeKok, 2009-09-09 14:54:
> We have released version 1.1.8 to fix an issue with the handling of
> Tunnel-Password. This is the same issue that was found in version
This sounds harmless for most people, I guess, or at least for us, as we
don't use Tunnel-Password. But reading CVE-2009-3
We have released version 1.1.8 to fix an issue with the handling of
Tunnel-Password. This is the same issue that was found in version
0.9.2, and which managed to return.
Version 2.X is *not* affected by this issue.
The difference between 1.1.7 and this release is the patch to fix that
bug.
5 matches
Mail list logo