INN commit: branches/2.5/doc/pod (news.pod)

INN Commit rra at isc.org
Tue Sep 4 18:24:13 UTC 2012


    Date: Tuesday, September 4, 2012 @ 11:24:13
  Author: iulius
Revision: 9445

Mention CVE-2012-3523 in the NEWS file (though posterior to the 2.5.3 release)

Modified:
  branches/2.5/doc/pod/news.pod

----------+
 news.pod |   12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

Modified: news.pod
===================================================================
--- news.pod	2012-09-04 18:23:35 UTC (rev 9444)
+++ news.pod	2012-09-04 18:24:13 UTC (rev 9445)
@@ -44,11 +44,13 @@
 
 =item *
 
-Fixed a possible plaintext command injection during the negotiation of a
-TLS layer.  The vulnerability detailed in CVE-2011-0411 affects the STARTTLS
-and AUTHINFO SASL commands.  B<nnrpd> now resets its read buffer upon a
-successful negotiation of a TLS layer.  It prevents malicious commands, sent
-unencrypted, from being executed in the new encrypted state of the session.
+Fixed a possible plaintext command injection during the negotiation
+of a TLS layer.  The vulnerability detailed in CVE-2011-0411 (and
+CVE-2012-3523, specifically for INN) affects the STARTTLS and AUTHINFO
+SASL commands.  B<nnrpd> now resets its read buffer upon a successful
+negotiation of a TLS layer.  It prevents malicious commands, sent
+unencrypted, from being executed in the new encrypted state of the
+session.
 
 =item *
 



More information about the inn-committers mailing list