[SECURITY] [DLA 586-1] curl security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : curl
Version : 7.26.0-1+wheezy14
CVE ID : CVE-2016-5419 CVE-2016-5420
CVE-2016-5419
Bru Rom discovered that libcurl would attempt to resume a TLS
session even if the client certificate had changed.
CVE-2016-5420
It was discovered that libcurl did not consider client certificates
when reusing TLS connections.
For Debian 7 "Wheezy", these problems have been fixed in version
7.26.0-1+wheezy14.
We recommend that you upgrade your curl packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQJ8BAEBCgBmBQJXo3+gXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkW1AQAJaYJctq1cARch//EzycVlDo
8mNerNq63Qjr1rgPIk5nyG5fWYOFdtazAXeb3YVQV+zOHZ6Gd9LkKVvuKuTZw7oE
qxMSSPqdYpmVjGQf77j9MLgYg0zv5AFgVo1qGQMMCWtR08hnfoe9wJClwj/Ck59t
YATGTtVhfAc5nmEgY27zo7xH/1p0lct+fNNh+YIY1CXquoROEZJ4Z/b6H4UTYkwD
kuUb5qN92H0qCrLcCEyTfRBcn1aCelIC7y1p19lGZkEom0tfhFmucAoWHpJ8Y+gl
EYmFx4XBiTm2tNyH3MDfgAUqomLGr0LWwpHOoe/lpQfFRxN/seeBBoIAc8uY57L8
hI9XntyaJ6HkUzvhf73zAFlr/PQMr16tCwOB7miiis9geNsOkPhrTJZz/LaUHbBP
CeVXHI8ZKAXXJRewO7cO+SshF0Bn2hv7FU2hJMUWhfanuBtHVpCoGYN8m9X2MmMX
hIg85bULhCkYlNfE5WGkSU1nvZGR2Rh/JzK3ur8Pchn0036Im+h+xxMezqqnYMsd
v/JzFIyK4t8kRZE4A8oD8zGAOmJEdRtxkU/6C16P7LOL/8jvKkUOIwF7EOPDa0bg
PsW5D/986FkCofncF29rq2ltop+jNqQQ6ciVx7GgmmoMmvqRzpXvZqBY5KivnusN
JmS5v6wmjzYGPuPDgLHm
=WaDl
-----END PGP SIGNATURE-----
Reply to: