Google Git
Sign in
fuchsia / third_party / curl / 1dc43de0dccc2ea7da6dddb7b98f8d7dcf323914
commit1dc43de0dccc2ea7da6dddb7b98f8d7dcf323914[log] [tgz]
authorDaniel Stenberg <daniel@haxx.se>Fri Nov 29 22:46:05 2013 +0100
committerDaniel Stenberg <daniel@haxx.se>Mon Dec 16 22:47:31 2013 +0100
tree39a854a8cc010acc3ba917c865b071a3e0a78b50
parent8a8f9a5d5775ea58807b3c3ff86a9b96ae4b0925 [diff]
gtls: respect *VERIFYHOST independently of *VERIFYPEER

Security flaw CVE-2013-6422

This is conceptually the same problem and fix that 3c3622b6 brought to the
OpenSSL backend and that resulted in CVE-2013-4545.

This version of the problem was independently introduced to the GnuTLS
backend with commit 59cf93cc, present in the code since the libcurl
7.21.4 release.

Advisory: http://curl.haxx.se/docs/adv_20131217.html
Bug: http://curl.haxx.se/mail/lib-2013-11/0214.html
Reported-by: Marc Deslauriers
1 file changed
tree: 39a854a8cc010acc3ba917c865b071a3e0a78b50
  1. CMake/
  2. docs/
  3. include/
  4. lib/
  5. m4/
  6. packages/
  7. perl/
  8. src/
  9. tests/
  10. vs/
  11. winbuild/
  12. .gitattributes
  13. .gitignore
  14. .travis.yml
  15. acinclude.m4
  16. buildconf
  17. buildconf.bat
  18. CHANGES
  19. CHANGES.0
  20. CMakeLists.txt
  21. configure.ac
  22. contributors.sh
  23. COPYING
  24. CTestConfig.cmake
  25. curl-config.in
  26. GIT-INFO
  27. install-sh
  28. libcurl.pc.in
  29. log2changes.pl
  30. MacOSX-Framework
  31. Makefile.am
  32. Makefile.dist
  33. maketgz
  34. missing
  35. mkinstalldirs
  36. README
  37. RELEASE-NOTES
  38. TODO-RELEASE