| 2013-12-04 18:47:12 |
Ray Link |
bug |
|
|
added bug |
| 2013-12-04 18:47:12 |
Ray Link |
attachment added |
|
CVE-2013-4545.patch https://bugs.launchpad.net/bugs/1257872/+attachment/3923282/+files/CVE-2013-4545.patch |
|
| 2013-12-04 18:47:33 |
Ray Link |
information type |
Private Security |
Public Security |
|
| 2013-12-04 18:48:56 |
Ray Link |
description |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4545
From CVE report:
----------
cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
----------
From developer: http://curl.haxx.se/docs/adv_20131115.html
Debian security advisory: http://www.debian.org/security/2013/dsa-2798
Patch (same fix as upstream and Debian) attached. |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4545
From CVE report:
----------
cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
----------
From developer: http://curl.haxx.se/docs/adv_20131115.html
Debian security advisory: http://www.debian.org/security/2013/dsa-2798
Patch (same fix as upstream and Debian) against 7.22.0-3ubuntu4.3 (current Precise) attached. |
|
| 2013-12-04 18:50:56 |
Ray Link |
bug |
|
|
added subscriber Jeffrey Hutzelman |
| 2013-12-04 19:10:21 |
Luke Faraone |
cve linked |
|
2013-4545 |
|
| 2013-12-04 19:10:57 |
Luke Faraone |
tags |
|
patch |
|
| 2013-12-04 19:13:28 |
Luke Faraone |
curl (Ubuntu): status |
New |
Fix Released |
|
| 2013-12-04 19:14:08 |
Luke Faraone |
nominated for series |
|
Ubuntu Lucid |
|
| 2013-12-04 19:14:08 |
Luke Faraone |
nominated for series |
|
Ubuntu Precise |
|
| 2013-12-04 19:14:08 |
Luke Faraone |
nominated for series |
|
Ubuntu Quantal |
|
| 2013-12-04 19:14:08 |
Luke Faraone |
nominated for series |
|
Ubuntu Saucy |
|
| 2013-12-04 19:14:08 |
Luke Faraone |
nominated for series |
|
Ubuntu Raring |
|
| 2013-12-04 19:24:40 |
Marc Deslauriers |
bug task added |
|
curl (Ubuntu Lucid) |
|
| 2013-12-04 19:24:43 |
Marc Deslauriers |
bug task added |
|
curl (Ubuntu Precise) |
|
| 2013-12-04 19:24:46 |
Marc Deslauriers |
bug task added |
|
curl (Ubuntu Quantal) |
|
| 2013-12-04 19:24:49 |
Marc Deslauriers |
bug task added |
|
curl (Ubuntu Raring) |
|
| 2013-12-04 19:24:52 |
Marc Deslauriers |
bug task added |
|
curl (Ubuntu Saucy) |
|
| 2013-12-04 19:25:36 |
Marc Deslauriers |
curl (Ubuntu Lucid): status |
New |
Confirmed |
|
| 2013-12-04 19:25:40 |
Marc Deslauriers |
curl (Ubuntu Lucid): importance |
Undecided |
Low |
|
| 2013-12-04 19:25:44 |
Marc Deslauriers |
curl (Ubuntu Lucid): status |
Confirmed |
In Progress |
|
| 2013-12-04 19:25:48 |
Marc Deslauriers |
curl (Ubuntu Lucid): assignee |
|
Marc Deslauriers (mdeslaur) |
|
| 2013-12-04 19:25:52 |
Marc Deslauriers |
curl (Ubuntu Precise): status |
New |
In Progress |
|
| 2013-12-04 19:25:57 |
Marc Deslauriers |
curl (Ubuntu Precise): importance |
Undecided |
Low |
|
| 2013-12-04 19:25:59 |
Marc Deslauriers |
curl (Ubuntu Precise): assignee |
|
Marc Deslauriers (mdeslaur) |
|
| 2013-12-04 19:26:03 |
Marc Deslauriers |
curl (Ubuntu Quantal): status |
New |
In Progress |
|
| 2013-12-04 19:26:08 |
Marc Deslauriers |
curl (Ubuntu Raring): status |
New |
In Progress |
|
| 2013-12-04 19:26:12 |
Marc Deslauriers |
curl (Ubuntu Saucy): status |
New |
In Progress |
|
| 2013-12-04 19:26:16 |
Marc Deslauriers |
curl (Ubuntu Quantal): importance |
Undecided |
Low |
|
| 2013-12-04 19:26:19 |
Marc Deslauriers |
curl (Ubuntu Quantal): assignee |
|
Marc Deslauriers (mdeslaur) |
|
| 2013-12-04 19:26:23 |
Marc Deslauriers |
curl (Ubuntu Raring): importance |
Undecided |
Low |
|
| 2013-12-04 19:26:25 |
Marc Deslauriers |
curl (Ubuntu Raring): assignee |
|
Marc Deslauriers (mdeslaur) |
|
| 2013-12-04 19:26:29 |
Marc Deslauriers |
curl (Ubuntu Saucy): importance |
Undecided |
Low |
|
| 2013-12-04 19:26:32 |
Marc Deslauriers |
curl (Ubuntu Saucy): assignee |
|
Marc Deslauriers (mdeslaur) |
|
| 2013-12-05 19:09:19 |
Luke Faraone |
curl (Ubuntu Lucid): status |
In Progress |
Fix Released |
|
| 2013-12-05 19:09:23 |
Luke Faraone |
curl (Ubuntu Precise): status |
In Progress |
Fix Released |
|
| 2013-12-05 19:09:27 |
Luke Faraone |
curl (Ubuntu Quantal): status |
In Progress |
Fix Released |
|
| 2013-12-05 19:09:30 |
Luke Faraone |
curl (Ubuntu Raring): status |
In Progress |
Fix Released |
|
| 2013-12-05 19:09:33 |
Luke Faraone |
curl (Ubuntu Saucy): status |
In Progress |
Fix Released |
|
