[Fedora-i18n-bugs] [Bug 604855] CVE-2010-2074 w3m: doesn't handle NULL in Common Name properly
bugzilla at redhat.com
bugzilla at redhat.com
Wed Jun 16 21:01:40 UTC 2010
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=604855
--- Comment #1 from Vincent Danen <vdanen at redhat.com> 2010-06-16 17:01:37 EDT ---
As noted by Ludwig Nussel of the SUSE security team, w3m does not, by default,
verify certificates, however the /etc/w3m/config configuration as supplied by
Red Hat Enterprise Linux 5 and Fedora, do have "ssl_verify_server 1" set, so
w3m is doing certificate verification by default.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the i18n-bugs
mailing list