From Secunia security advisory at $URL:
1) A weakness within the SSL and TLS Initialization Vector (IV) selection exists when compiled to use OpenSSL and the SSL_OP_ALL bitmask is used.
For more information:
Microsoft Windows SSL/TLS Initialization Vector Selection Weakness
This vulnerability is reported in versions 7.10.6 through 7.23.1.
2) Input passed via the file path section of URLs related to the IMAP, POP3, and SMTP protocols is not properly sanitised before being used in protocol-specific code and can be exploited to e.g. inject control characters and cause a mail server to send or delete messages.
This vulnerability is reported in versions 7.20.0 through 7.23.1.
Update to version 7.24.0.
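For applications that build IMAP, POP3 or SMTP URLs from untrusted input and cannot update immediately, item 2 can be screened for before the URL reaches the transfer library. The following is an added illustration, not curl's code and not part of the advisory; the function names and sample hostnames are hypothetical and the sample URLs are constructed.

```python
from urllib.parse import urlsplit, unquote_to_bytes

# URL schemes named in item 2 of the advisory, plus their TLS variants.
MAIL_SCHEMES = {"imap", "imaps", "pop3", "pop3s", "smtp", "smtps"}


def _is_control(byte):
    """True for C0 control bytes (including CR, LF, NUL) and DEL."""
    return byte < 0x20 or byte == 0x7F


def control_bytes(url):
    """Return the control byte values found in a mail-protocol URL.

    Two places are checked: the raw string, and the path after one
    round of percent-decoding, since an encoded %0d%0a only becomes
    CR LF once the client decodes the path. URLs with other schemes
    are out of scope for this check and yield an empty list.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in MAIL_SCHEMES:
        return []
    # Scan the original string: urlsplit() may silently drop raw
    # tab/CR/LF characters, so they must be caught before parsing.
    raw = [ord(c) for c in url if ord(c) < 0x80 and _is_control(ord(c))]
    decoded = [b for b in unquote_to_bytes(parts.path) if _is_control(b)]
    return raw + decoded


def is_safe_mail_url(url):
    """Accept the URL only if no control bytes were found."""
    return not control_bytes(url)


if __name__ == "__main__":
    # Constructed sample URLs (example.com hosts, placeholder tokens).
    samples = [
        "imap://mail.example.com/INBOX/;UID=1",
        "pop3://mail.example.com/1%0d%0aX-CONSTRUCTED",
        "smtp://mail.example.com/client%00name",
        "imap://mail.example.com/IN\rBOX",
    ]
    for s in samples:
        found = ", ".join(f"0x{b:02x}" for b in control_bytes(s)) or "none"
        verdict = "accept" if is_safe_mail_url(s) else "reject"
        print(f"{verdict:6}  controls: {found:12}  {s!r}")
```

The check decodes the path once, matching a single decode by the client; it does not replace updating to the fixed version.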
I've added 7.24.0 since there's a security issue ... hopefully Christoph doesn't mind
@angelos, is it ready to stabilize?
26/073210 <@vapier> angelos: mind if i bump curl to 7.24.0 ?
26/073500 <@angelos> vapier: sure, go ahead
26/073803 -!- vapier [UserBah@nat/google/x-rsldjehppespqenp] has quit [Ping timeout: 272 seconds]
guess you missed it
anyway, good to go and thanks Mike
Arches, please test and mark stable:
Target KEYWORDS: "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
*** Bug 401655 has been marked as a duplicate of this bug. ***
Thanks, folks. GLSA Vote: yes.
Added to existing GLSA request.
This issue was resolved and addressed in
GLSA 201203-02 at http://security.gentoo.org/glsa/glsa-201203-02.xml
by GLSA coordinator Sean Amoss (ackle).