On Thu, Apr 10, 2014 at 12:01:03PM +0200, Alessandro Ghedini wrote:
> On mer, mar 26, 2014 at 06:50:41 +0100, Salvatore Bonaccorso wrote:
> > Package: curl
> > Version: 7.21.0-1
> > Severity: grave
> > Tags: security upstream fixed-upstream
> >
> > Hi Alessandro,
> >
> > For having this referenced also in the Debian BTS, the following
> > vulnerabilities were published for curl.
> >
> > CVE-2014-0138[0]:
> > libcurl wrong re-use of connections
> >
> > CVE-2014-0139[1]:
> > libcurl IP address wildcard certificate validation
>
> Here are the (old)stable debdiffs (better late than nothing, I guess... I had
> troubles adapting the patches for the older releases :/).
If this now passes the test suite, please upload.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
