I need to revoke this approval -- libesmtp is vulnerable to a variation of CVE-2009-2408, in that it does not correctly handle NULL-bytes in the commonName of certificates when comparing domain names. (See smtp-tls.c)
I need to revoke this approval -- libesmtp is vulnerable to a variation of CVE-2009-2408, in that it does not correctly handle NULL-bytes in the commonName of certificates when comparing domain names. (See smtp-tls.c)