Hi, audit-packages(8) has an entry for an stunnel vulnerability stunnel<4.24 accepts-revoked-ocsp-cert \ http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2420which should be restricted to v4.16 .. v4.23, since it concerns OCSP functionality that e.g. wip/stunnel3 does not have.
hauke -- The ASCII Ribbon Campaign Hauke Fath () No HTML/RTF in email Institut für Nachrichtentechnik /\ No Word docs in email TU Darmstadt Respect for open standards Ruf +49-6151-16-3281