curl-library
Re: "The Most Dangerous Code in the World"
Date: Tue, 6 Nov 2012 21:21:11 +0100
On Mon, Oct 29, 2012 at 09:43:08PM +0100, Alessandro Ghedini wrote:
> Anyway, I just run a quick grep on all the sources of the packages that build
> depend on libcurl and those that explicitly set CURLOPT_SSL_VERIFYPEER are very
> few, even less those that set it to 1 (possibily 5-6). This said I still have to
> check those that use php5-curl, pycurl, ... (but there aren't many).
Btw, today the new Debian Code Search service was launched [0] and of course
the first search I've done is [1] and then [2]. The interface is not optimal
as of now, but at least you don't have to download all the source packages.
Also, I've almost finished looking into the suspect Debian packages. I just
need to check the last few packages and put the whole data into a nice format.
Cheers
[0] http://codesearch.debian.net/
[1] http://codesearch.debian.net/search?q=CURLOPT_SSL_VERIFYHOST
[2] http://codesearch.debian.net/search?q=CURLOPT_SSL_VERIFYHOST%2C+1
-- perl -E '$_=q;$/= @{[@_]};and s;\S+;<inidehG ordnasselA>;eg;say~~reverse'
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
- application/pgp-signature attachment: Digital signature