lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-id: <F1629451-9BD5-4B40-B58A-ECB54EA42B83@lists.apple.com>
Date: Wed, 18 Sep 2013 11:57:31 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: "security-announce@...ts.apple.com" <security-announce@...ts.apple.com>
Subject: APPLE-SA-2013-09-18-3 Xcode 5.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2013-09-18-3 Xcode 5.0

Xcode 5.0 is now available and addresses the following:

Git
Available for:  OS X Mountain Lion v10.8.4 or later
Impact:  An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description:  When using the imap-send command, git did not verify
that the server hostname matched a domain name in the X.509
certificate, which allowed a man-in-the-middle attacker to spoof SSL
servers via an arbitrary valid certificate. This issue was addressed
by updating git to version 1.8.3.1.
CVE-ID
CVE-2013-0308


Xcode 5.0 is also available from the App Store. It is free to anyone
with OS X 10.8.x Mountain Lion and later.

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "5.0".

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJSOe7bAAoJEPefwLHPlZEwNygP/j/HD+lz/Y/8NBB7gQjaMb8N
OUs7CrwZCsVC2ziDrn/Hry9roT2zOwgg3GOSdtr4h1erRm9eZd0fwqNAA/v+tuYi
JFuLmPuLIgDvRLf97AWcKeebbwOLeG+zg0VJx6fTXrdG/jujncHZVCfLpL7KKCHz
n8Jj0DSeOsONRNEpK2nGr5V3D/gX6OvYHieS5GcaFfcrIWz30I6maZJgOHgEv/yA
z8uyysdPoTEpQ8TW9iHPJNlVWal+UyDYJAuLLVZ5H4ZeDhBuKV1fmK2MBlvFY307
rBeNje+kuloJUluH2KC1a86IqxJzhpv7/l+cpasaxitqnFsjH4YplwjofcyxB7D4
/Wdl9ZiUaQoL94FXhOHIfEARTNym7JkLAx4SkI0Tw+BHP7KYVwlU+g2ZsYVR6dQt
+dgq7/ZBuivQfXpggRTb3bUdz1v8EvZ9Wz+ahF0yhurZt6zNWzJHe3sH2nS8MlPl
vEfYqyg+NLR/EacRLkdHPfVlkmtNzn4HeCzTGNqfMnfaaumBYK6F00MTxHdnhz5h
zYUiuooZrOCBp5IMCg20O5U03EJgu/8ayFAyG8sN84OB2pr1eVww87wAnyKUpwrP
UMHkkn4PrBxBrcZWfc/71AD8sSv4X0miwiqvVe3Fxcekbtk8WGjdP89BU+rizey2
jXZBAo6nm5o4KNYY/5Bo
=hxAK
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ