oss-sec mailing list archives

Re: CVE request: Curl insecure usage


From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 26 Nov 2012 11:42:42 -0700

On 11/26/2012 08:06 AM, Moritz Muehlenhoff wrote:
> Hi, during the triage of the SSL client bugs spotted by the
> http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf paper Debian
> developer Alessandro Ghedini discovered two more applications using
> Curl in an insecure manner:
>
> 1. opendnssec (in the eppclient tool)
>    http://lists.opendnssec.org/pipermail/opendnssec-user/2012-November/002296.html
>
> 2. phpCAS (used by Moodle e.g.):
>    https://github.com/Jasig/phpCAS/pull/58
>
> Please assign CVE IDs for these.
>
> Cheers, Moritz


Have these been receiving individual CVEs? I can't find any offhand,
can you provide examples of others?

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
