From Secunia security advisory at $URL:

Description:

1) A weakness within the SSL and TLS Initialization Vector (IV) selection exists when compiled to use OpenSSL and the SSL_OP_ALL bitmask is used.

For more information: Microsoft Windows SSL/TLS Initialization Vector Selection Weakness (https://secunia.com/advisories/46168/)

This vulnerability is reported in versions 7.10.6 through 7.23.1.

2) Input passed via the file path section of URLs related to the IMAP, POP3, and SMTP protocols is not properly sanitised before being used in protocol-specific code and can be exploited to e.g. inject control characters and cause a mail server to send or delete messages.

This vulnerability is reported in versions 7.20.0 through 7.23.1.

Solution: Update to version 7.24.0.

Original Advisory:
http://curl.haxx.se/docs/adv_20120124B.html
http://curl.haxx.se/docs/adv_20120124.html
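Added example, not part of the advisory or of this bug thread: a pre-flight check an application could run on IMAP, POP3 and SMTP URLs before handing them to a curl version in the affected range, rejecting control characters in the path whether literal or percent-encoded. The function names, the inclusion of the TLS scheme variants and the sample URLs are assumptions made for this illustration.

```python
from urllib.parse import urlsplit, unquote_to_bytes

# Schemes named in the advisory; the TLS variants are an assumption added here.
MAIL_SCHEMES = {"imap", "imaps", "pop3", "pop3s", "smtp", "smtps"}


def is_control(value: int) -> bool:
    """True for C0 control codes (including CR and LF) and DEL."""
    return value < 0x20 or value == 0x7F


def check_mail_url(url: str):
    """Return (kind, offset, byte) findings for a mail-protocol URL.

    kind is "raw" for a literal control character anywhere in the URL and
    "encoded" for one that only appears after percent-decoding the path.
    An empty list means nothing was found or the scheme is out of scope.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in MAIL_SCHEMES:
        return []
    # Check the raw string first: urlsplit() in current Python versions
    # silently drops literal CR, LF and TAB, which would hide them.
    raw = [("raw", i, ord(c)) for i, c in enumerate(url) if is_control(ord(c))]
    if raw:
        return raw
    # The path is what the advisory says reaches protocol-specific code.
    decoded = unquote_to_bytes(parts.path)
    return [("encoded", i, b) for i, b in enumerate(decoded) if is_control(b)]


# Constructed sample URLs (example.com hosts, placeholder text after the CRLF).
SAMPLES = [
    "imap://mail.example.com/INBOX",
    "pop3://mail.example.com/1%0d%0aPLACEHOLDER",
    "smtp://mail.example.com/host\r\nx",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        findings = check_mail_url(sample)
        print("REJECT" if findings else "ok    ", repr(sample), findings)
```
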
I've added 7.24.0 since there's a security issue ... hopefully Christoph doesn't mind
Thanks Mike. @angelos, is it ready to stabilize?
26/073210 <@vapier> angelos: mind if i bump curl to 7.24.0 ?
26/073500 <@angelos> vapier: sure, go ahead
26/073803 -!- vapier [UserBah@nat/google/x-rsldjehppespqenp] has quit [Ping timeout: 272 seconds]

guess you missed it anyway, good to go and thanks Mike
Arches, please test and mark stable:
=net-misc/curl-7.24.0
Target KEYWORDS: "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
amd64 stable
Stable for HPPA.
x86 stable
*** Bug 401655 has been marked as a duplicate of this bug. ***
ppc done
alpha/arm/ia64/s390/sh/sparc stable
ppc64 done
@security: please vote
Thanks, folks. GLSA Vote: yes.
Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201203-02 at http://security.gentoo.org/glsa/glsa-201203-02.xml by GLSA coordinator Sean Amoss (ackle).