curl-library
Re: "The Most Dangerous Code in the World"
Date: Tue, 30 Oct 2012 11:45:23 +0100
On Mon, Oct 29, 2012 at 10:46:48PM +0100, Daniel Stenberg wrote:
> On Mon, 29 Oct 2012, Alessandro Ghedini wrote:
>
> >Anyway, I just run a quick grep on all the sources of the packages
> >that build depend on libcurl and those that explicitly set
> >CURLOPT_SSL_VERIFYPEER are very few, even less those that set it
> >to 1 (possibily 5-6). This said I still have to check those that
> >use php5-curl, pycurl, ... (but there aren't many).
>
> Remember that these occurances may very well be actual security
> vulnerabilities...
Yes, I'll see what the Debian Security folks think about this, once I have a
clearer picture. Maybe we could even get those packages fixed before Wheezy is
released.
Cheers
-- perl -E '$_=q;$/= @{[@_]};and s;\S+;<inidehG ordnasselA>;eg;say~~reverse'
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
- application/pgp-signature attachment: Digital signature