Control: tags -1 + confirmed On Sun, 2024-10-27 at 22:06 +0000, aquilamac...@riseup.net wrote: > Package: release.debian.org > Control: affects -1 + src:curl > X-Debbugs-Cc: c...@packages.debian.org, aquilamac...@riseup.net, > samuel...@debian.org > User: release.debian....@packages.debian.org > Usertags: pu
Note that the usertagging here didn't work, so the bug was not displayed in the SRM section of the release.d.o BTS view. My guess is that the broken linewrapped X-Debbugs-CC header lead to the "samuel...@debian.org" line being treated as the first line of the body, and thus the following lines not processed as pseudo-headers. [...] > The reason is to fix CVE-2024-8096 [1], which involves improper > handling > of OCSP stapling in curl when using GnuTLS as the TLS backend. If the > OCSP status returns an error other than "revoked" (e.g., > "unauthorized"), curl fails to mark the certificate as invalid. Please go ahead. Regards, Adam
