INN commit: trunk/doc/pod (news.pod)
INN Commit
rra at isc.org
Tue Sep 4 18:23:35 UTC 2012
Date: Tuesday, September 4, 2012 @ 11:23:35
Author: iulius
Revision: 9444
Mention CVE-2012-3523 in the NEWS file (though posterior to the 2.5.3 release)
Modified:
trunk/doc/pod/news.pod
----------+
news.pod | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
Modified: news.pod
===================================================================
--- news.pod 2012-07-08 20:17:15 UTC (rev 9443)
+++ news.pod 2012-09-04 18:23:35 UTC (rev 9444)
@@ -163,11 +163,13 @@
=item *
-Fixed a possible plaintext command injection during the negotiation of a
-TLS layer. The vulnerability detailed in CVE-2011-0411 affects the STARTTLS
-and AUTHINFO SASL commands. B<nnrpd> now resets its read buffer upon a
-successful negotiation of a TLS layer. It prevents malicious commands, sent
-unencrypted, from being executed in the new encrypted state of the session.
+Fixed a possible plaintext command injection during the negotiation
+of a TLS layer. The vulnerability detailed in CVE-2011-0411 (and
+CVE-2012-3523, specifically for INN) affects the STARTTLS and AUTHINFO
+SASL commands. B<nnrpd> now resets its read buffer upon a successful
+negotiation of a TLS layer. It prevents malicious commands, sent
+unencrypted, from being executed in the new encrypted state of the
+session.
=item *
More information about the inn-committers
mailing list