Publishing details

• Superseded on 2017-01-14 by curl - 7.38.0-4+deb8u5
• Published on 2016-09-17

Changelog

curl (7.38.0-4+deb8u4) jessie-security; urgency=high

  * Fix TLS session resumption client cert bypass as per CVE-2016-5419
    https://curl.haxx.se/docs/adv_20160803A.html
  * Fix re-using connection with wrong client cert as per CVE-2016-5420
    https://curl.haxx.se/docs/adv_20160803B.html
  * Fix use of connection struct after free as per CVE-2016-5421
    https://curl.haxx.se/docs/adv_20160803C.html

 -- Alessandro Ghedini <email address hidden>  Mon, 01 Aug 2016 12:19:28 +0100

Builds

Package files

• curl_7.38.0-4+deb8u4.debian.tar.xz (33.8 KiB)
• curl_7.38.0-4+deb8u4.dsc (2.6 KiB)
• curl_7.38.0.orig.tar.gz (3.9 MiB)