Dev.jostu@ gmail.com
Am 20.11.2013 23:18 schrieb "Salvatore Bonaccorso" <carnil@debian.org>:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2798-2 security@debian.org guat so
> http://www.debian.org/security/ Salvatore Bonaccorso; ¤¤♡♥`~
> November 20, 2013 http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package : curl》》unsafe
> Vulnerability : unchecked ssl certificate host name
> Problem type : remote
> Debian-specific: no
> CVE ID : CVE-2013-4545
>
> The update for curl in DSA-2798-1 uncovered a regression affecting the
> curl command line tool behaviour (#729965). This update disables host
> verification too when using the --insecure option.
>
> For the oldstable distribution (squeeze), this problem has been fixed in
> version 7.21.0-2.1+squeeze6.
>
> For the stable distribution (wheezy), this problem has been fixed in
> version 7.26.0-1+wheezy6.
>
> For the testing (jessie) and unstable (sid) distributions, the curl
> command line tool behaves as expected with the --insecure option.
>
> For reference the original advisory text follows.
>
> Scott Cantor discovered that curl, a file retrieval tool, would disable
> the CURLOPT_SSLVERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting
> was disabled. This would also disable ssl certificate host name checks
> when it should have only disabled verification of the certificate trust
> chain.
>
> The default configuration for the curl package is not affected by this
> issue since CURLOPT_SSLVERIFYPEER is enabled by default.
>
> For the oldstable distribution (squeeze), this problem has been fixed in
> version 7.21.0-2.1+squeeze5.
>
> For the stable distribution (wheezy), this problem has been fixed in
> version 7.26.0-1+wheezy5.
>
> For the testing (jessie) and unstable (sid) distributions, this problem
> has been fixed in version 7.33.0-1.
>
> We recommend that you upgrade your curl packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.15 (GNU/Linux)
>
> iQIcBAEBCgAGBQJSjTSeAAoJEAVMuPMTQ89E+bMP/jxYqQsDtXJxFvefUBDI4Mki
> 3j6l+WsSd+GhEx/Sp7CYpUYmNjfybYZl2MdXeOfyB3czF3saBhpEo4/wXeLEJuQD
> PjA52GRvnfE4/pDnAIcHhbkfrI2MSJMU+NUpC2d2Zy2YAgQoeSBftSb91xZ9B1SI
> jbuiKNrSgIgcusBSmNFCXb4TdkCVhGi37B7J7NO9rPR6n6yBvX1xsIEJYOGJeMxL
> S9OWwbmcwjCdN6feNVK99YgfmEmRGLTpMosAmJSNN4KXa+OSr+g9Y+NHkve+CYy/
> GmKX/MInXaWdcRk4LoyEdQ8idhWdJEdPe7ZEoLttSGnfLUyXBzTVKbK5Ugx6RYM8
> 1NbKYZVGYfQAOwjIbKgGn0F5eQDi+OiXh1JleyLa7y8pvk+7tq6pOKAsa9H2rDsn
> nVTVzOs6qIDdjESndLEUNG+JJJpkpB/MOAfdAx4KHKS7GQ+quMg99azUdSmDRFbC
> EN8XA8JrC0LOSeUJiiZTdRgOpjlTKgXUHKrr9Z0Ft/U/uWxK9pX5nTcaw/WwI+vQ
> Ms7yx0i0WrTvGkTXLHx+JeGrPcvjNxX8muTEq07ZkceDjZIefmZs0J139Xd+OSn1
> M506eYcVgf4WNj8swR0h20S8eTA0BsNxXVOHmn113bwd95GxaTM4pKtANHuKLV3l
> Jq399e4/SnX3FWtSPFuK
> =v0Ra
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/E1VjG4s-0001Vt-DD@master.debian.org
> try out
On samsung i 9000 *^/$##@@@