curl-library

Re: "The Most Dangerous Code in the World"

From: Alessandro Ghedini <al3xbio_at_gmail.com>
Date: Tue, 30 Oct 2012 11:45:23 +0100

On Mon, Oct 29, 2012 at 10:46:48PM +0100, Daniel Stenberg wrote:
> On Mon, 29 Oct 2012, Alessandro Ghedini wrote:
>
> >Anyway, I just ran a quick grep on all the sources of the packages
> >that build depend on libcurl and those that explicitly set
> >CURLOPT_SSL_VERIFYPEER are very few, even less those that set it
> >to 1 (possibly 5-6). This said I still have to check those that
> >use php5-curl, pycurl, ... (but there aren't many).
>
> Remember that these occurrences may very well be actual security
> vulnerabilities...

Yes, I'll see what the Debian Security folks think about this, once I have a
clearer picture. Maybe we could even get those packages fixed before Wheezy is
released.

Cheers

-- 
perl -E '$_=q;$/= @{[@_]};and s;\S+;<inidehG ordnasselA>;eg;say~~reverse'


Received on 2012-10-30
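
The kind of source audit discussed in this message, as an added example that is not part of the original mail or of curl itself: it goes beyond a plain grep by classifying each explicit CURLOPT_SSL_VERIFYPEER setting in C, PHP and pycurl sources, so that call sites which turn verification off stand out for review. The function names and the sample lines are constructed for illustration.

```python
import os
import re
import sys

# Option name as spelled in C/PHP (CURLOPT_SSL_VERIFYPEER) or via pycurl
# (pycurl.SSL_VERIFYPEER / c.SSL_VERIFYPEER), followed by the value argument.
SETOPT = re.compile(r"(?:CURLOPT_|\.)SSL_VERIFYPEER\s*(?:,|=>)\s*([^,;)\]]+)")
DISABLED = {"0", "0l", "false"}
ENABLED = {"1", "1l", "true"}

def classify(value):
    """Map the literal passed to the option to disabled/enabled/review."""
    v = value.strip().lower()
    if v in DISABLED:
        return "disabled"      # peer certificate verification switched off
    if v in ENABLED:
        return "enabled"       # redundant with libcurl's default, but safe
    return "review"            # variable or expression: needs a human look

def scan(text, filename="<input>"):
    """Return (file, line number, verdict, source line) for each setting."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in SETOPT.finditer(line):
            findings.append((filename, lineno, classify(m.group(1)), line.strip()))
    return findings

def scan_tree(root):
    """Walk an unpacked source tree and scan every readable file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan(fh.read(), path))
            except OSError:
                continue       # unreadable file: skip, do not abort the audit
    return findings

# Constructed sample input, one line per binding mentioned in the thread.
SAMPLE = """\
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
c.setopt(pycurl.SSL_VERIFYPEER, verify_flag)
curl_easy_setopt(curl, CURLOPT_URL, url);
"""

if __name__ == "__main__":
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan(SAMPLE)
    for path, lineno, verdict, src in results:
        print(f"{verdict:8} {path}:{lineno}: {src}")
```

Run with a directory argument to audit an unpacked source package; without arguments it scans the constructed sample.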