AVG-183 log

Package lib32-libcurl-compat
Status Fixed
Severity Medium
Type multiple issues
Affected 7.52.1-2
Fixed 7.53.0-1
Current 8.6.0-3 [multilib]
Ticket None
Created Wed Feb 22 10:59:08 2017
Issue Severity Remote Type Description
CVE-2017-7468 Medium Yes Certificate verification bypass
libcurl from 7.52.0 to and including 7.53.1 would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a...
CVE-2017-2629 Low Yes Insufficient validation
A coding error has been found in curl >= 7.52.0 and < 7.53.0, causing the TLS Certificate Status Request extension check to always return true. curl and...