diff options
author | Daniel Stenberg <daniel@haxx.se> | 2013-11-29 22:46:05 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2013-12-16 22:47:31 +0100 |
commit | 1dc43de0dccc2ea7da6dddb7b98f8d7dcf323914 (patch) | |
tree | 39a854a8cc010acc3ba917c865b071a3e0a78b50 /CHANGES | |
parent | 8a8f9a5d5775ea58807b3c3ff86a9b96ae4b0925 (diff) |
gtls: respect *VERIFYHOST independently of *VERIFYPEER
Security flaw CVE-2013-6422
This is conceptually the same problem and fix that 3c3622b6 brought to the
OpenSSL backend and that resulted in CVE-2013-4545.
This version of the problem was independently introduced to the GnuTLS
backend with commit 59cf93cc, present in the code since the libcurl
7.21.4 release.
Advisory: http://curl.haxx.se/docs/adv_20131217.html
Bug: http://curl.haxx.se/mail/lib-2013-11/0214.html
Reported-by: Marc Deslauriers
Diffstat (limited to 'CHANGES')
0 files changed, 0 insertions, 0 deletions