cURL / Mailing Lists / curl-library / Single Mail

curl-library

Is libcurl/curl affected by OpenSSL "DH small subgroups (CVE-2016-0701)"?

From: Dana Burd <danaburd_at_icontrol.com>
Date: Fri, 29 Jan 2016 06:38:25 +0000

Wise curl folks,

There's a new "high severity" vulnerability in OpenSSL 1.0.2:
  https://www.openssl.org/news/secadv/20160128.txt

I'm curious if curl-7.40.0 is affected at all. I poked around the source, but it's a bit over my head. Any insights appreciated...
If curl-7.40.0 is affected, pointers on how to patch with the right OpenSSL option is even more appreciated!

Thanks!
-Dana

Dana Burd
danaburd_at_icontrol.com

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2016-01-29