oss-sec mailing list archives

CVE request: Curl insecure usage

From: Moritz Muehlenhoff <jmm () debian org>
Date: Mon, 26 Nov 2012 16:06:35 +0100

Hi,
during the triage of the SSL client bugs spotted by the
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf paper
Debian developer Alessandro Ghedini discovered two more
applications using Curl in an insecure manner:

1. opendnssec (in the eppclient tool)
http://lists.opendnssec.org/pipermail/opendnssec-user/2012-November/002296.html

2. PHPcas (used by Moodle e.g.):
https://github.com/Jasig/phpCAS/pull/58

Please assign CVE IDs for these.

Cheers,
        Moritz

Current thread:

CVE request: Curl insecure usage Moritz Muehlenhoff (Nov 26)
- Re: CVE request: Curl insecure usage Kurt Seifried (Nov 26)
  - Re: CVE request: Curl insecure usage Steven M. Christey (Nov 27)
    - Re: CVE request: Curl insecure usage Kurt Seifried (Nov 28)
  - Re: CVE request: Curl insecure usage Kurt Seifried (Nov 28)
    - Re: CVE request: Curl insecure usage Fabian Keil (Nov 29)
    - Re: CVE request: Curl insecure usage Moritz Mühlenhoff (Nov 29)
    - Re: CVE request: Curl insecure usage Moritz Muehlenhoff (Dec 26)
    - Re: CVE request: Curl insecure usage Kurt Seifried (Dec 27)