Date: Mon, 26 Nov 2012 16:06:35 +0100 From: Moritz Muehlenhoff <jmm@...ian.org> To: oss-security@...ts.openwall.com Subject: CVE request: Curl insecure usage Hi, during the triage of the SSL client bugs spotted by the http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf paper Debian developer Alessandro Ghedini discovered two more applications using Curl in an insecure manner: 1. opendnssec (in the eppclient tool) http://lists.opendnssec.org/pipermail/opendnssec-user/2012-November/002296.html 2. PHPcas (used by Moodle e.g.): https://github.com/Jasig/phpCAS/pull/58 Please assign CVE IDs for these. Cheers, Moritz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ