[Technik] [SECURITY] [DSA 1333-1] New libcurl3-gnutls packages
fix certificate handling
Noèl Köthe
noel at debian.org
Mon Jul 23 11:25:20 CEST 2007
Am Mittwoch, den 18.07.2007, 21:09 +0100 schrieb Steve Kemp:
> Debian Security Advisory DSA-1333 security at debian.org
> http://www.debian.org/security/ Steve Kemp
> July 18th, 2007
>
> Package : libcurl3-gnutls
> Vulnerability : input validation
> Problem type : local and remote
> Debian-specific: no
> CVE Id(s) : CVE-2007-3564
curl auf yuma und wasco aktualisiert.
> For the stable distribution (etch), this problem has been fixed in
> version 7.15.5-1etch1.
changelog:
curl (7.15.5-1etch1) stable-security; urgency=high
* Applied security patch to make libcurl/GnuTLS properly reject some
outdated or not yet valid server certificates. CVE-2007-3564.
-- Domenico Andreoli <cavok at debian.org> Sun, 15 Jul 2007 19:42:30 +0000
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20070723/694678c9/attachment.pgp
More information about the Technik
mailing list