[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 2482-1] arpwatch security update

Le 02/06/2012 14:52, Yves-Alexis Perez a écrit :
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-2482-1                   security@debian.org
> http://www.debian.org/security/                         Yves-Alexis Perez
> June 2, 2012                           http://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> Package        : libgdata
> Vulnerability  : insufficient certificate validation
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2012-2653
> Debian Bug     : 664032
>
> Vreixo Formoso discovered that libgdata, a library used to access various
> Google services, wasn't validating certificates against trusted system
> root CAs when using an https connection.
>
> For the stable distribution (squeeze), this problem has been fixed in
> version 0.6.4-2+squeeze1.
>
> For the testing distribution (wheezy), this problem has been fixed in
> version 0.10.2-1.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 0.10.2-1.
>
> We recommend that you upgrade your libgdata packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org

Hi,

Wrong subject: s/arpwatch/libgdata/

Cheers,
Vincent
Reply to: