August 20, 2009, 1:33 pm
502451 - X509v1 CA certificate is not trusted
This update includes the latest release of neon, version 0.28.6. This fixes two security issues: * the "billion laughs" attack against expat could allow a Denial of Service attack by a malicious server. (CVE-2009-2473) * an embedded NUL byte in a certificate subject name could allow an undetected MITM attack against an SSL server if a trusted CA issues such a cert. Several bug fixes are also included, notably: * X.509v1 CA certificates are trusted by default * Fix handling of some PKCS#12 certificates...