Re: Version 1.1.8 has been released

2009-09-21 Thread John Dennis
On 09/21/2009 06:51 AM, Alan Buxey wrote: Hi, This sounds harmless for most people, I guess, or at least for us, as we don't use Tunnel-Password. But reading CVE-2009-3111 and looking at the patch, it seems that this can crash any server just by sending an empty attribute. That would mean that

Re: Version 1.1.8 has been released

2009-09-21 Thread Alan Buxey
Hi,

> This sounds harmless for most people, I guess, or at least for us, as we don't use Tunnel-Password. But reading CVE-2009-3111 and looking at the patch, it seems that this can crash any server just by sending an empty attribute. That would mean that every 1.1.7 installation should upgra

Re: Version 1.1.8 has been released

2009-09-21 Thread Alan DeKok
Jakob Hirsch wrote:

> This sounds harmless for most people, I guess, or at least for us, as we don't use Tunnel-Password. But reading CVE-2009-3111 and looking at the patch, it seems that this can crash any server just by sending an empty attribute. That would mean that every 1.1.7 installati

Re: Version 1.1.8 has been released

2009-09-21 Thread Jakob Hirsch
Hi,

Alan DeKok, 2009-09-09 14:54:

> We have released version 1.1.8 to fix an issue with the handling of Tunnel-Password. This is the same issue that was found in version

This sounds harmless for most people, I guess, or at least for us, as we don't use Tunnel-Password. But reading CVE-2009-3

Version 1.1.8 has been released

2009-09-09 Thread Alan DeKok
We have released version 1.1.8 to fix an issue with the handling of Tunnel-Password. This is the same issue that was found in version 0.9.2, and which managed to return. Version 2.X is *not* affected by this issue. The difference between 1.1.7 and this release is the patch to fix that bug.