Summary: | <mail-mta/msmtp-1.4.19 X.509 NULL spoofing vulnerability (CVE-2009-3942) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | amigadave, net-mail+disabled |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://msmtp.sourceforge.net/news.html | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Stefan Behte (RETIRED)
2009-11-18 19:31:38 UTC
I'm preparing a non-maintainer commit to .19. Removing bug 301036 as dependency to track the .20 bump in there. +*msmtp-1.4.19 (02 Apr 2010) + + 02 Apr 2010; Alex Legler <a3li@gentoo.org> -msmtp-1.4.9.ebuild, + -msmtp-1.4.14.ebuild, -msmtp-1.4.16.ebuild, -msmtp-1.4.17.ebuild, + +msmtp-1.4.19.ebuild: + Non-maintainer commit: Version bump for security bug 293647. Removing + unneeded vulnerable versions. + Arches, please test and mark stable: =mail-mta/msmtp-1.4.19 Target keywords : "amd64 ia64 ppc ppc64 sparc x86" Tests passed successfully on x86. x86 stable, thanks Andreas alpha/ia64/sparc stable ppc64 done ppc done amd64 stable, all arches done. + 17 Apr 2010; Alex Legler <a3li@gentoo.org> -msmtp-1.4.5.ebuild, + -msmtp-1.4.7.ebuild: + Removing vulnerable ebuilds, bug 293647. GLSA voting: YES glsa request filed. This issue was resolved and addressed in GLSA 201206-34 at http://security.gentoo.org/glsa/glsa-201206-34.xml by GLSA coordinator Stefan Behte (craig). |