[Bug 660847] CVE-2010-4334 perl-IO-Socket-SSL: ignores user request for peer verification

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=660847

Tomas Hoger <thoger@xxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|medium                      |low
  Status Whiteboard|public=20101206,reported=20 |impact=low,public=20101206,
                   |101206,source=debian,impact |reported=20101206,source=de
                   |=moderate,cvss2=4.3/AV:N/AC |bian,cvss2=4/AV:N/AC:H/Au:N
                   |:M/Au:N/C:P/I:N/A:N,fedora- |/C:P/I:P/A:N,fedora-all/per
                   |all/perl-IO-Socket-SSL=affe |l-IO-Socket-SSL=affected,rh
                   |cted,rhel-6/perl-IO-Socket- |el-6/perl-IO-Socket-SSL=aff
                   |SSL=affected,rhel-5/perl-IO |ected,rhel-5/perl-IO-Socket
                   |-Socket-SSL=notaffected     |-SSL=notaffected
           Severity|medium                      |low

--- Comment #8 from Tomas Hoger <thoger@xxxxxxxxxx> 2011-01-04 03:29:44 EST ---
This issue has low security impact.  Fallback to VERIFY_NONE only happens in
case of misconfiguration, i.e. when the user requests certificate verification
but fails to specify a valid CA certificate store.  A warning message is printed
in such a case, making it easy to spot.

Statement:

The Red Hat Security Response Team has rated this issue as having low security
impact; a future update may address this flaw.  This issue did not affect the
perl-IO-Socket-SSL version as shipped with Red Hat Enterprise Linux 5.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/perl-devel
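
Added example, not part of the bug mail or of IO::Socket::SSL itself: a caller-side guard that refuses to connect when peer verification is requested without a usable CA store, rather than depending on the library's behaviour in that misconfiguration. The helper name checked_ssl_args, the host name and the CA path are hypothetical; the guard assumes the caller always names its CA store explicitly.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::SSL;    # exports SSL_VERIFY_PEER and SSL_VERIFY_NONE

# Hypothetical helper: returns the arguments unchanged, or dies if
# verification is requested but no usable CA store is configured.
sub checked_ssl_args {
    my (%args) = @_;
    my $mode = $args{SSL_verify_mode} // SSL_VERIFY_NONE;
    return %args unless $mode & SSL_VERIFY_PEER;

    my ($file, $path) = @args{qw(SSL_ca_file SSL_ca_path)};
    my $ok = 0;
    if (defined $file) {
        open my $fh, '<', $file or die "CA file '$file' unreadable: $!\n";
        local $/;    # slurp the whole file
        my $pem = <$fh>;
        die "CA file '$file' contains no PEM certificate\n"
            unless defined $pem && $pem =~ /^-----BEGIN CERTIFICATE-----/m;
        $ok = 1;
    }
    if (defined $path) {
        opendir my $dh, $path or die "CA path '$path' unreadable: $!\n";
        my @entries = grep { !/^\.\.?$/ } readdir $dh;
        die "CA path '$path' is empty\n" unless @entries;
        $ok = 1;
    }
    die "peer verification requested but no SSL_ca_file/SSL_ca_path given\n"
        unless $ok;
    return %args;
}

# Constructed configuration with a CA file that does not exist.
my %cfg = (
    PeerHost        => 'www.example.org',
    PeerPort        => 443,
    SSL_verify_mode => SSL_VERIFY_PEER,
    SSL_ca_file     => '/nonexistent/ca-bundle.crt',
);

# The guard dies before any socket is opened, so the failure is a hard
# error and not only a warning on stderr.
my $sock = eval { IO::Socket::SSL->new(checked_ssl_args(%cfg)) };
print "refused to connect: $@" unless $sock;
```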

