aboutsummaryrefslogtreecommitdiff
path: root/CHANGES
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2013-11-29 22:46:05 +0100
committerDaniel Stenberg <daniel@haxx.se>2013-12-16 22:47:31 +0100
commit1dc43de0dccc2ea7da6dddb7b98f8d7dcf323914 (patch)
tree39a854a8cc010acc3ba917c865b071a3e0a78b50 /CHANGES
parent8a8f9a5d5775ea58807b3c3ff86a9b96ae4b0925 (diff)
gtls: respect *VERIFYHOST independently of *VERIFYPEER
Security flaw CVE-2013-6422 This is conceptually the same problem and fix that 3c3622b6 brought to the OpenSSL backend and that resulted in CVE-2013-4545. This version of the problem was independently introduced to the GnuTLS backend with commit 59cf93cc, present in the code since the libcurl 7.21.4 release. Advisory: http://curl.haxx.se/docs/adv_20131217.html Bug: http://curl.haxx.se/mail/lib-2013-11/0214.html Reported-by: Marc Deslauriers
Diffstat (limited to 'CHANGES')
0 files changed, 0 insertions, 0 deletions