On Sat, Mar 31, 2012 at 07:12:36PM +0200, Florian Weimer wrote:
> * Alessandro Ghedini:
>
> >> Anyway, you can upload to security-master when ready. You must build
> >> the package with specifying the -sa flag, on a squeeze system.
> >
> > Ok, thank you.
>
> Thanks for uploading. I'm a bit conf
* Alessandro Ghedini:
>> Anyway, you can upload to security-master when ready. You must build
>> the package with specifying the -sa flag, on a squeeze system.
>
> Ok, thank you.
Thanks for uploading. I'm a bit confused--is this an interoperability
issue introduced by DSA-2398-1?
--
To UNSU
On Wed, Mar 28, 2012 at 10:51:53PM +0200, Florian Weimer wrote:
> * Alessandro Ghedini:
>
> >> We should fix this through stable-security. Please send a debdiff once
> >> the fix has been testing in unstable for a few days.
> >
> > Attached is the debdiff for stable-security.
>
> Looks good.
>
>
* Alessandro Ghedini:
>> We should fix this through stable-security. Please send a debdiff once
>> the fix has been testing in unstable for a few days.
>
> Attached is the debdiff for stable-security.
Looks good.
> If everything's ok I will upload it (I'm a DD since a few hours) in
> a few days,
On Sun, Feb 12, 2012 at 08:23:02PM +0100, Moritz Mühlenhoff wrote:
> On Sat, Feb 11, 2012 at 02:04:01PM +0100, Alessandro Ghedini wrote:
> > On Fri, Feb 10, 2012 at 08:23:24PM +0100, Kurt Roeckx wrote:
> > > On Fri, Feb 10, 2012 at 10:15:44AM +0100, Alessandro Ghedini wrote:
> > > > On Sat, Feb 04,
On Fri, Mar 23, 2012 at 07:02:34PM +0100, Kurt Roeckx wrote:
> On Fri, Mar 23, 2012 at 06:38:40PM +0100, Alessandro Ghedini wrote:
> > Hi Kurt,
> >
> > curl 7.25.0 was released yesterday and I'm now working on updating the
> > Debian package. A problem come up though with the --ssl-enable-beast
>
On Fri, Mar 23, 2012 at 07:02:34PM +0100, Kurt Roeckx wrote:
> On Fri, Mar 23, 2012 at 06:38:40PM +0100, Alessandro Ghedini wrote:
> > Hi Kurt,
> >
> > curl 7.25.0 was released yesterday and I'm now working on updating the
> > Debian package. A problem come up though with the --ssl-enable-beast
>
On Fri, Mar 23, 2012 at 06:38:40PM +0100, Alessandro Ghedini wrote:
> Hi Kurt,
>
> curl 7.25.0 was released yesterday and I'm now working on updating the
> Debian package. A problem come up though with the --ssl-enable-beast
> new option of curl (which should fix the bug that you have reported)
>
Hi Kurt,
curl 7.25.0 was released yesterday and I'm now working on updating the
Debian package. A problem come up though with the --ssl-enable-beast
new option of curl (which should fix the bug that you have reported)
and the new version of openssl. If I build curl against the current
version 1.0.
On Sat, Feb 11, 2012 at 02:04:01PM +0100, Alessandro Ghedini wrote:
> On Fri, Feb 10, 2012 at 08:23:24PM +0100, Kurt Roeckx wrote:
> > On Fri, Feb 10, 2012 at 10:15:44AM +0100, Alessandro Ghedini wrote:
> > > On Sat, Feb 04, 2012 at 10:45:59PM +0100, Kurt Roeckx wrote:
> > > > Having SSL_OP_DONT_IN
On Fri, Feb 10, 2012 at 08:23:24PM +0100, Kurt Roeckx wrote:
> On Fri, Feb 10, 2012 at 10:15:44AM +0100, Alessandro Ghedini wrote:
> > On Sat, Feb 04, 2012 at 10:45:59PM +0100, Kurt Roeckx wrote:
> > > Having SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS disabled by default
> > > would be fine if I had the op
On Fri, Feb 10, 2012 at 20:23:24 +0100, Kurt Roeckx wrote:
> On Fri, Feb 10, 2012 at 10:15:44AM +0100, Alessandro Ghedini wrote:
> > On Sat, Feb 04, 2012 at 10:45:59PM +0100, Kurt Roeckx wrote:
> > > Having SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS disabled by default
> > > would be fine if I had the opt
On Fri, Feb 10, 2012 at 10:15:44AM +0100, Alessandro Ghedini wrote:
> On Sat, Feb 04, 2012 at 10:45:59PM +0100, Kurt Roeckx wrote:
> > Having SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS disabled by default
> > would be fine if I had the option to turn it on. In that case
> > it's my decision to ignore the
Processing commands for cont...@bugs.debian.org:
> tags 658276 fixed-upstream
Bug #658276 [libcurl3] libcurl3: No more compatible with older SSL
implementations
Added tag(s) fixed-upstream.
> kthxbye
Stopping processing here.
Please contact me if you need assistance.
--
658276: http://bugs.debi
tags 658276 fixed-upstream
kthxbye
On Sat, Feb 04, 2012 at 10:45:59PM +0100, Kurt Roeckx wrote:
> On Sat, Feb 04, 2012 at 10:11:31PM +0100, Alessandro Ghedini wrote:
> >
> > AFAIU, the problem is that the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option is
> > meant to keep compatibility with some olde
On Sat, Feb 04, 2012 at 10:11:31PM +0100, Alessandro Ghedini wrote:
>
> AFAIU, the problem is that the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option is
> meant to keep compatibility with some older and broken SSL implementations
> that don't support empty fragments, but it also re-introduces a secur
Processing commands for cont...@bugs.debian.org:
> retitle 658276 libcurl3: No more compatible with older SSL implementations
Bug #658276 [libcurl3] libcurl3: Doesn't work for all sites anymore
Changed Bug title to 'libcurl3: No more compatible with older SSL
implementations' from 'libcurl3: Does
retitle 658276 libcurl3: No more compatible with older SSL implementations
forwarded 658276 http://curl.haxx.se/mail/lib-2012-02/0001.html
kthxbye
On Wed, Feb 01, 2012 at 07:27:06PM +0100, Kurt Roeckx wrote:
> Package: libcurl3
> Version: 7.21.0-2.1+squeeze1, 7.24.0-1
> Severity: grave
>
> Hi,
H
Package: libcurl3
Version: 7.21.0-2.1+squeeze1, 7.24.0-1
Severity: grave
Hi,
After the upgrade from 7.21.0-2 or 7.23.1-3 some sites stop to
work while others continue to work.
My guess is that this is related to the CVE-2011-3389 change.
If my memory is any good, the reason why openssl still doe
19 matches
Mail list logo