AVG-180 log
| Package | libcurl-compat |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 7.52.1-1 |
| Fixed | 7.53.0-1 |
| Current | 8.16.0-1 [core] |
| Ticket | None |
| Created | Wed Feb 22 10:54:52 2017 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-7468 | Medium | Yes | Certificate verification bypass | libcurl from 7.52.0 to and including 7.53.1 would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a... |
| CVE-2017-2629 | Low | Yes | Insufficient validation | A coding error has been found in curl >= 7.52.0 and < 7.53.0, causing the TLS Certificate Status Request extension check to always return true. curl and... |