Security vulnerability has been fixed

All protocols supporting STARTTLS command were vulnerable to plaintext injection CVE-2011-0411 til today. A fix is available in CVS:

http://openfwtk.cvs.sourceforge.net/viewvc/openfwtk/fwtk/libem/emiossl.c?r1=1.3&r2=1.4

Binary packages are not updated yet as it is relatively low impact; let me know if you need it immediately.

Posted by ArkanoiD 2011-04-11

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks