[Git][security-tracker-team/security-tracker][master] CVE-2016-10937/imapfilter: Reference commit for hostname validation for older openssl versions

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31d78bc8 by Salvatore Bonaccorso at 2019-09-17T04:24:01Z
CVE-2016-10937/imapfilter: Reference commit for hostname validation for older openssl versions

Reference the additional commit wihch add support for hostname
validation for OpenSSL 1.0.2 and later.

Upstream as well released a new upstream version with the required
fixes.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -803,6 +803,8 @@ CVE-2016-10937 (IMAPFilter through 2.6.12 does not validate the hostname in an S
 	NOTE: https://github.com/lefcha/imapfilter/issues/142
 	NOTE: Patch for support for hostname validation (requrires OpenSSL 1.1.0  and later):
 	NOTE: https://github.com/lefcha/imapfilter/commit/bf2515da752eddd54973adb0853c6aa289e921b6
+	NOTE: Patch for support for hostname validation (for OpenSSL 1.0.2 and later):
+	NOTE: https://github.com/lefcha/imapfilter/commit/3daa2692e37fc52ce630e39a3fb6faf270c054b1
 CVE-2019-16096 (Kilo 0.0.1 has a heap-based buffer overflow because there is an intege ...)
 	NOT-FOR-US: Kilo
 CVE-2019-16095 (Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/rea ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/31d78bc838c7f647112a46d552e953991767adb0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/31d78bc838c7f647112a46d552e953991767adb0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190917/587bc409/attachment-0001.html>