Re: [SECURITY] [DSA 2482-1] arpwatch security update
Le 02/06/2012 14:52, Yves-Alexis Perez a écrit :
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-2482-1 security@debian.org
> http://www.debian.org/security/ Yves-Alexis Perez
> June 2, 2012 http://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> Package : libgdata
> Vulnerability : insufficient certificate validation
> Problem type : remote
> Debian-specific: no
> CVE ID : CVE-2012-2653
> Debian Bug : 664032
>
> Vreixo Formoso discovered that libgdata, a library used to access various
> Google services, wasn't validating certificates against trusted system
> root CAs when using an https connection.
>
> For the stable distribution (squeeze), this problem has been fixed in
> version 0.6.4-2+squeeze1.
>
> For the testing distribution (wheezy), this problem has been fixed in
> version 0.10.2-1.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 0.10.2-1.
>
> We recommend that you upgrade your libgdata packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
Hi,
Wrong subject: s/arpwatch/libgdata/
Cheers,
Vincent
Reply to: