neon: release 0.28.6 (SECURITY)

Joe Orton joe at
Tue Aug 18 11:06:03 EDT 2009

 MD5: 252578ed555552b71d15909641484951  neon-0.28.6.tar.gz
SHA1: da7db2e3289cc3dbef7794e8cc3c56978a0d7157  neon-0.28.6.tar.gz

Changes in release 0.28.6:
* SECURITY (CVE-2009-2473): Fix "billion laughs" attack against expat;
  could allow a Denial of Service attack by a malicious server.
* SECURITY (CVE-2009-2474): Fix handling of an embedded NUL byte in
  a certificate subject name with OpenSSL; could allow an undetected
  MITM attack against an SSL server if a trusted CA issues such a cert.

More information about the neon mailing list