Re: STARTTLS bug - background story

2011-03-08 Thread Wietse Venema
Victor Duchovni:
> On Tue, Mar 08, 2011 at 12:59:15PM +1100, Brad Hards wrote:
>
> > On Tue, 8 Mar 2011 07:08:09 am Wietse Venema wrote:
> > > This is a writeup about a flaw that I found recently, and that
> > > existed in multiple implementations of SMTP (Simple Mail Transfer
> > > Protocol) over

Re: STARTTLS bug - background story

2011-03-08 Thread Stan Hoeppner
Wietse Venema put forth on 3/7/2011 2:08 PM:
> CERT/CC announces a flaw today in multiple STARTTLS implementations.
> This problem was silently fixed in Postfix 2.8 and 2.9. Updates
> for Postfix 2.[4-7] are made available via the usual channels.

Nice catch Wietse! Normally I'd follow that with "

Re: STARTTLS bug - background story

2011-03-07 Thread Victor Duchovni
On Tue, Mar 08, 2011 at 12:59:15PM +1100, Brad Hards wrote:
> On Tue, 8 Mar 2011 07:08:09 am Wietse Venema wrote:
> > This is a writeup about a flaw that I found recently, and that
> > existed in multiple implementations of SMTP (Simple Mail Transfer
> > Protocol) over TLS (Transport Layer Securit

Re: STARTTLS bug - background story

2011-03-07 Thread Brad Hards
On Tue, 8 Mar 2011 07:08:09 am Wietse Venema wrote:
> This is a writeup about a flaw that I found recently, and that
> existed in multiple implementations of SMTP (Simple Mail Transfer
> Protocol) over TLS (Transport Layer Security) including my Postfix
> open source mailserver. I give an overview

STARTTLS bug - background story

2011-03-07 Thread Wietse Venema
CERT/CC announces a flaw today in multiple STARTTLS implementations. This problem was silently fixed in Postfix 2.8 and 2.9. Updates for Postfix 2.[4-7] are made available via the usual channels.

Wietse

Plaintext injection in multiple implementations of STARTTLS
==