CVE-2013-4545 - MitM attack/spoof
Bug #1257872 reported by Ray Link
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
curl (Ubuntu) | Fix Released | Undecided | Unassigned |
Lucid | Fix Released | Low | Marc Deslauriers |
Precise | Fix Released | Low | Marc Deslauriers |
Quantal | Fix Released | Low | Marc Deslauriers |
Raring | Fix Released | Low | Marc Deslauriers |
Saucy | Fix Released | Low | Marc Deslauriers |
Bug Description
http://
From CVE report:
----------
cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_
----------
From developer: http://
Debian security advisory: http://
Patch (same fix as upstream and Debian) against 7.22.0-3ubuntu4.3 (current Precise) attached.
CVE References
Changed in curl (Ubuntu Lucid): status: In Progress → Fix Released
Changed in curl (Ubuntu Precise): status: In Progress → Fix Released
Changed in curl (Ubuntu Quantal): status: In Progress → Fix Released
Changed in curl (Ubuntu Raring): status: In Progress → Fix Released
Changed in curl (Ubuntu Saucy): status: In Progress → Fix Released
Debian fixed this in 7.33.0-1, and we have 7.33.0-1ubuntu1 in trusty.