August 20, 2009, 1:34 pm
This update includes the latest release of neon, version 0.28.6. This fixes two security issues:
* the "billion laughs" attack against expat could allow a Denial of Service attack by a malicious server. (CVE-2009-2473)
* an embedded NUL byte in a certificate subject name could allow an undetected MITM attack against an SSL server if a trusted CA issues such a cert...