| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <E3208FF7-06A9-46F6-B986-560476717FC1@gmail.com> Date: Wed, 10 Apr 2013 11:44:22 +0100 From: Peter W-S <peterwintrsmith@...il.com> To: "security@...driva.com" <security@...driva.com> Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: Re: [ MDVSA-2013:101 ] lynx Is it really necessary to spam the list with a separate email for every issue you want to report? Perhaps one email a week with a link to the full report would suffice? On 10 Apr 2013, at 11:31, security@...driva.com wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > _______________________________________________________________________ > > Mandriva Linux Security Advisory MDVSA-2013:101 > http://www.mandriva.com/en/support/security/ > _______________________________________________________________________ > > Package : lynx > Date : April 10, 2013 > Affected: Business Server 1.0 > _______________________________________________________________________ > > Problem Description: > > Updated lynx package fixes security vulnerability: > > Lynx does not verify that the server's certificate is signed by > a trusted certification authority, which allows man-in-the-middle > attackers to spoof SSL servers via a crafted certificate, related to > improper use of a certain GnuTLS function (CVE-2012-5821). > _______________________________________________________________________ > > References: > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5821 > https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0351 > _______________________________________________________________________ > > Updated Packages: > > Mandriva Business Server 1/X86_64: > 777f25fe8b425d1385af79891e7c0447 mbs1/x86_64/lynx-2.8.7-5.1.mbs1.x86_64.rpm > 94b3428d676786e79c7a636dd7ee4e55 mbs1/SRPMS/lynx-2.8.7-5.1.mbs1.src.rpm > _______________________________________________________________________ > > To upgrade automatically use MandrivaUpdate or urpmi. The verification > of md5 checksums and GPG signatures is performed automatically for you. > > All packages are signed by Mandriva for security. You can obtain the > GPG public key of the Mandriva Security Team by executing: > > gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 > > You can view other update advisories for Mandriva Linux at: > > http://www.mandriva.com/en/support/security/advisories/ > > If you want to report vulnerabilities, please contact > > security_(at)_mandriva.com > _______________________________________________________________________ > > Type Bits/KeyID Date User ID > pub 1024D/22458A98 2000-07-10 Mandriva Security Team > <security*mandriva.com> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.12 (GNU/Linux) > > iD8DBQFRZRVImqjQ0CJFipgRAnhUAJ9f1z5xakbIIqQDPAIls+PPWshN2gCfRk/Y > yQt2avmt+JhDF3c8wsDnepc= > =FGfl > -----END PGP SIGNATURE----- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists