neon: release 0.28.6 (SECURITY)
Joe Orton
joe at manyfish.co.uk
Tue Aug 18 11:06:03 EDT 2009
Download: http://www.webdav.org/neon/neon-0.28.6.tar.gz
Signature: http://www.webdav.org/neon/neon-0.28.6.tar.gz.asc
MD5: 252578ed555552b71d15909641484951 neon-0.28.6.tar.gz
SHA1: da7db2e3289cc3dbef7794e8cc3c56978a0d7157 neon-0.28.6.tar.gz

Changes in release 0.28.6:

* SECURITY (CVE-2009-2473): Fix "billion laughs" attack against expat;
  could allow a Denial of Service attack by a malicious server.
* SECURITY (CVE-2009-2474): Fix handling of an embedded NUL byte in
  a certificate subject name with OpenSSL; could allow an undetected
  MITM attack against an SSL server if a trusted CA issues such a cert.