Certificate time is not validated with the GNUTLS SSL library enabled (USE=gnutls). curl-7.16.4 fixes this problem. Please revdep-rebuild when updating.
Please, hold your horses for a bit, thanks. This would be better backported to a version that doesn't break ABI, dragonheart is working on it. :)
Choice of stable version is available: 7.16.4 or backported 7.15.5-r1. If 7.16.4 is selected as the stable ebuild then the following would need to be stabilized so they can compile correctly:
  ocurl-0.2.1 (prev stable dev-ml/ocurl-0.1.6)
  authforce-0.9.9 (prev stable net-analyzer/authforce-0.9.6)
  icecast-2.3.1-r1 (prev stable icecast-2.2.0 amd64 ppc64 sparc x86, icecast-2.1.0 alpha & ppc)
  pycurl-7.16.2.1 (prev stable pycurl-7.15.1)
curl-7.15.5-r1 added if an ABI bump isn't desired. Curl has a rather large list of ABI breaks. Significant bug fixes have occurred since 7.15.5 though: http://curl.haxx.se/changes.html.
ref B2. Thinking this is too high. Only the validation time interval isn't checked. CN, certificate chain are checked. To exploit, an old valid certificate needs to be obtained + some DNS spoofing and social engineering to trick the client.
OK, so let's go for the backported version fix. Arches, please test and mark stable curl-7.15.5-r1. Target keywords are: curl-7.15.5-r1.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd"
Stable for HPPA.
ppc64 stable
alpha/ia64/x86 stable
ppc stable
*** Bug 186215 has been marked as a duplicate of this bug. ***
sparc stable.
Remove mips from CC as they now have 7.16.4 stable
Why is this bug a B2? I would have said B4, and I would vote noglsa.
Agreed, voting no and closing without glsa. Feel free to reopen if you disagree.