On Thu, Apr 10, 2014 at 12:01:03PM +0200, Alessandro Ghedini wrote: > On mer, mar 26, 2014 at 06:50:41 +0100, Salvatore Bonaccorso wrote: > > Package: curl > > Version: 7.21.0-1 > > Severity: grave > > Tags: security upstream fixed-upstream > > > > Hi Alessandro, > > > > For having this referenced also in the Debian BTS, the following > > vulnerabilities were published for curl. > > > > CVE-2014-0138[0]: > > libcurl wrong re-use of connections > > > > CVE-2014-0139[1]: > > libcurl IP address wildcard certificate validation > > Here are the (old)stable debdiffs (better late than nothing, I guess... I had > troubles adapting the patches for the older releases :/).
If this now passes the test suite, please upload. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org