

Re: "The Most Dangerous Code in the World"

From: Alessandro Ghedini <>
Date: Tue, 30 Oct 2012 11:45:23 +0100

On Mon, Oct 29, 2012 at 10:46:48PM +0100, Daniel Stenberg wrote:
> On Mon, 29 Oct 2012, Alessandro Ghedini wrote:
> >Anyway, I just ran a quick grep on all the sources of the packages
> >that build depend on libcurl and those that explicitly set
> >CURLOPT_SSL_VERIFYPEER are very few, even less those that set it
> >to 1 (possibly 5-6). This said I still have to check those that
> >use php5-curl, pycurl, ... (but there aren't many).
> Remember that these occurrences may very well be actual security
> vulnerabilities...

Yes, I'll see what the Debian Security folks think about this, once I have a
clearer picture. Maybe we could even get those packages fixed before Wheezy is


