Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE request: Curl insecure usage
From: Moritz Muehlenhoff <jmm () debian org>
Date: Mon, 26 Nov 2012 16:06:35 +0100

Hi,
during the triage of the SSL client bugs spotted by the
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf paper
Debian developer Alessandro Ghedini discovered two more
applications using Curl in an insecure manner:

1. opendnssec (in the eppclient tool)
http://lists.opendnssec.org/pipermail/opendnssec-user/2012-November/002296.html

2. PHPcas (used by Moodle e.g.):
https://github.com/Jasig/phpCAS/pull/58

Please assign CVE IDs for these.

Cheers,
        Moritz


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]