Bug #2337
Bugfix in curl
| Status: | Resolved | Start date: | 04/03/2012 | |
|---|---|---|---|---|
| Priority: | Low | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | - | |||
| Target version: | - | |||
| Affected version: | Affected Architecture: |
Description
Since curl is enabled in https://github.com/bsdperimeter/pfsense-tools/blob/master/pfPorts/php5-extensions/Makefile I thought I should note that certain curl (http://curl.haxx.se/) regressions were fixed in Linux distros like Redhat and Debian a few days ago:
Package : curl
Vulnerability : regression
Debian-specific: no
Debian Bug : 658276cURL is a command-line tool and library for transferring data with URL
syntax. It was discovered that the countermeasures against the
Dai/Rogaway chosen-plaintext attack on SSL/TLS (CVE-2011-3389,
"BEAST") cause interoperability issues with some server
implementations. This update ads the the CURLOPT_SSL_OPTIONS and
CURLSSLOPT_ALLOW_BEAST options to the library, and the
- --ssl-allow-beast option to the "curl" program.
http://www.debian.org/security/2012/dsa-2398
http://rhn.redhat.com/errata/RHBA-2012-0430.html
History
#1
Updated by Dim Hatz about 1 year ago
BTW this was just a heads up, I guess any issues will be promptly fixed upstream by the FreeBSD ports (http://www.freshports.org/ftp/curl/) people...
#2
Updated by Chris Buechler 11 months ago
- Status changed from New to Resolved