Candidate: CVE-2009-2666
PublicDate: 2009-08-07 19:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666
 http://marc.info/?l=oss-security&m=124949601207156&w=2
 http://fetchmail.berlios.de/fetchmail-SA-2009-01.txt
 https://ubuntu.com/security/notices/USN-816-1
Description:
 socket.c in fetchmail before 6.3.11 does not properly handle a '\0'
 character in a domain name in the subject's Common Name (CN) field of an
 X.509 certificate, which allows man-in-the-middle attackers to spoof
 arbitrary SSL servers via a crafted certificate issued by a legitimate
 Certification Authority, a related issue to CVE-2009-2408.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Matthias Andree
Assigned-to:
CVSS:

Patches_fetchmail:
upstream_fetchmail: needs-triage
dapper_fetchmail: released (6.3.2-2ubuntu2.3)
hardy_fetchmail: released (6.3.8-10ubuntu1.1)
intrepid_fetchmail: released (6.3.8-11ubuntu3.1)
jaunty_fetchmail: released (6.3.9~rc2-4ubuntu1.1)
devel_fetchmail: released (6.3.9~rc2-4ubuntu4)