Hi Alessandro, On Tue, Nov 19, 2013 at 06:18:42PM +0100, Alessandro Ghedini wrote: > Control: reassing -1 curl > Control: found -1 curl/7.21.0-2.1+squeeze5 > Control: found -1 curl/7.26.0-1+wheezy5 > Control: tags -1 confirmed > > On mar, nov 19, 2013 at 09:51:35 -0600, Brian Kroth wrote: > > Package: libcurl3 > > Version: 7.21.0-2.1+squeeze5 > > Severity: important > > > > > > Hi, I believe I've found a regression in the recent libcurl3 DSA update. > > Basically, it doesn't seem to be respecting the --insecure option in all > > cases. > > Yes, it seems that the libcurl3 patch exposed a latent bug in the curl tool > that was fixed in a later version (7.28.1 AFAICT). Wheezy is affected too. > > For the security team, I prepared new uploads that fix the regression (see > attached debdiffs), could you please have a look?
This looks good to me. Could you upload both packages for security-master? Regards, Salvatore
signature.asc
Description: Digital signature
