oss-sec mailing list archives
Re: CVE request: Curl insecure usage
From: Moritz Muehlenhoff <jmm () debian org>
Date: Tue, 15 Jan 2013 18:49:12 +0100
On Tue, Jan 15, 2013 at 01:22:09AM -0700, Kurt Seifried wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 12/25/2012 04:07 AM, Moritz Mühlenhoff wrote:
>> On Thu, Nov 29, 2012 at 02:49:58PM -0700, Kurt Seifried wrote:
>>>>> Also can someone collate and post a list of all the other apps
>>>>> using curl insecurely and need CVEs with appropriate links to
>>>>> the upstreams/etc? Thanks.
>>>>
>>>> There are some, which are potentially affected, but where
>>>> discussion with upstream is still pending. Shall we go ahead and
>>>> post them or do you prefer to have them sorted out with upstream
>>>> first?
>>>>
>>>> Cheers,
>>>> Moritz
>>>
>>> I trust you. Course if you mess up and I assign a bad CVE Steve
>>> beats me with a stick... ;)
>>
>> Sorry for the late followup and Merry Christmas to you!
>>
>> There are two more issues related to this, which require CVE IDs
>> (both also discovered by Alessandro Ghedini <ghedo () debian org>):
>>
>> 1. In the implementation of the Falcon programming language:
>>    (http://www.falconpl.org/)
>>
>> 2. In nuSOAP (http://sourceforge.net/projects/nusoap/)
>>
>> I'll post links with details to the Debian bugs once they've been
>> filed.
Here we go:

CVE-2012-6070 (falconpl):
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696681

CVE-2012-6071 (nusoap)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696707

Cheers,
Moritz