oss-sec mailing list archives
Re: CVE request: Curl insecure usage
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 27 Dec 2012 10:34:34 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/26/2012 04:38 AM, Moritz Muehlenhoff wrote:
On Thu, Nov 29, 2012 at 10:44:36PM +0100, Moritz Mühlenhoff wrote:Also can someone collate and post a list of all the other apps using curl insecurely and need CVE's with appropriate links to the upstreams/etc? Thanks.There are some, which are potentially affected, but where discussion with upstream is still pending.Here are two more, please assign CVE IDs (both discovered by Alessandro Ghedini): 1. Falcon programming language: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696681
Please use CVE-2012-6070 for this issue.
2. NuSOAP PHP package: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696707
Please use CVE-2012-6071 for this issue.
Cheers, Moritz
- -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQIcBAEBAgAGBQJQ3IaqAAoJEBYNRVNeJnmTM7gQAI0notT9HWHAejaFh0wX5eV3 t/DThiMq41KvczOLibEdyjuOnS4aVfrlwaj/oNs36m4YprDoU9Ggh18gGboC7/5s eRhfdzYy9lmhCKhq2mjG3IJVZKfZBCC670dlAvOHPdjEOH6/5Te+ZHhzPNlwYy5Z uTIL3SJDxH9uUTsA2g5AydZNlNB5tv52Vr8vrVlqXgRxJPn7GeXXoHozFbwf9MJ+ 2dsCiXaoZAUIJPacZqwVdtR0lBxD8VPw9rH3/f5KNG8NwzAjtkKy5rT3UcKmv14c cXzbJi+9tT6VV7+mCukImoO/GNbx637O/cU8/J3yz8NTFDSHStJn6KKzA9sAuy0m PyYGphOLHAQZRduTE5qGBN0HAVHpaROY6vIZLeSyq2wrG+G56wzOgzaNS90FTUJc Dn5ScEZOoy6mwKnO2B1m48NLYE8KdHUPcxjzeEv0oIH1kyvVh+D2UfUP6Q7zPvaG oMuU0R15HnsCQpVYJtiqAHXNb8O1iQi8TSPbQrrr5/FQthGZPi1m04RNEsrahfat a+l6SjvcgzHf5CmRjKs9n21jbUt/95UiXTKg9ZpLTPqBM6K8JTnhK6NnK72FGvDg u4iY2ART4UAM52d5U0p0yYUB2kgRVc59dl2Zn5CXsO+qL8IHeSGjMvYzQeglvpAS XokT44eCQNLJZuIyyAZE =XOex -----END PGP SIGNATURE-----
Current thread:
- CVE request: Curl insecure usage Moritz Muehlenhoff (Nov 26)
- Re: CVE request: Curl insecure usage Kurt Seifried (Nov 26)
- Re: CVE request: Curl insecure usage Steven M. Christey (Nov 27)
- Re: CVE request: Curl insecure usage Kurt Seifried (Nov 28)
- Re: CVE request: Curl insecure usage Kurt Seifried (Nov 28)
- Re: CVE request: Curl insecure usage Fabian Keil (Nov 29)
- Re: CVE request: Curl insecure usage Moritz Mühlenhoff (Nov 29)
- Re: CVE request: Curl insecure usage Moritz Muehlenhoff (Dec 26)
- Re: CVE request: Curl insecure usage Kurt Seifried (Dec 27)
- Re: CVE request: Curl insecure usage Steven M. Christey (Nov 27)
- Re: CVE request: Curl insecure usage Kurt Seifried (Nov 26)