Bugfix in curl
|Affected version:||Affected Architecture:|
Since curl is enabled in https://github.com/bsdperimeter/pfsense-tools/blob/master/pfPorts/php5-extensions/Makefile I thought I should note that certain curl (http://curl.haxx.se/) regressions were fixed in Linux distros like Redhat and Debian a few days ago:
Package : curl
Vulnerability : regression
Debian Bug : 658276
cURL is a command-line tool and library for transferring data with URL
syntax. It was discovered that the countermeasures against the
Dai/Rogaway chosen-plaintext attack on SSL/TLS (CVE-2011-3389,
"BEAST") cause interoperability issues with some server
implementations. This update ads the the CURLOPT_SSL_OPTIONS and
CURLSSLOPT_ALLOW_BEAST options to the library, and the
- --ssl-allow-beast option to the "curl" program.
#1 Updated by Dim Hatz about 1 year ago
BTW this was just a heads up, I guess any issues will be promptly fixed upstream by the FreeBSD ports (http://www.freshports.org/ftp/curl/) people...