AVG-180 log
Package | libcurl-compat |
Status | Fixed |
Severity | Medium |
Type | multiple issues |
Affected | 7.52.1-1 |
Fixed | 7.53.0-1 |
Current | 8.11.1-3 [core] |
Ticket | None |
Created | Wed Feb 22 10:54:52 2017 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2017-7468 | Medium | Yes | Certificate verification bypass | libcurl from 7.52.0 to and including 7.53.1 would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a... |
CVE-2017-2629 | Low | Yes | Insufficient validation | A coding error has been found in curl >= 7.52.0 and < 7.53.0, causing the TLS Certificate Status Request extension check to always return true. curl and... |