[SECURITY] [DLA 616-1] curl security update

[news 28]

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

 

Package : curl

Version : 7.26.0-1+wheezy15

CVE ID : CVE-2016-7141

Debian Bug : 836918

 

It was discovered that libcurl built on top of NSS (Network Security

Services) incorrectly re-used client certificates if a certificate from

file was used for one TLS connection but no certificate set for a

subsequent TLS connection.

 

For Debian 7 "Wheezy", this problem has been fixed in version

7.26.0-1+wheezy15.

 

We recommend that you upgrade your curl packages.

 

Further information about Debian LTS security advisories, how to apply

these updates to your system and frequently asked questions can be

found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v2

 

iQIcBAEBCAAGBQJX0qGbAAoJEPZk0la0aRp9rSsP/30PNyEz8smnzqQZRAWYwJz2

/THly88AJLPjavd2+SG617/f7lqxNd03R6gl/03yF1O+6KskQ2UffDA0rLqgqXnW

9fPYP34wAAfwAaHLMsmB6j4ASkHRe1xemcVCklOc0+Gm3yaQw3q/xXo1PZgcEkhD

cuDlKpTSe/IVw3Qr6gCVH6CY3NM8G/75ec9M9Sn6kNodYpZ4DVTeDtj+EAjE71jO

O/yIJd9Z8UwD5rBDct8Ysc9g73pL9Nro77T5tMw89W/hcUUouvsp7BHXYaLJdSO4

DcgRzNg56F+ZY+v7W6CFrhH1EQFyiqin9VB3Bx6AYks4Wc80WZhF4BvK8QuDXsgw

Do/TpDEK4E6hRZpmVP82qF5NOPoXYCODecs8gRW2jrOyFhNZKHDCEod++CiqSIpJ

kkjXNZDgv+DQkUgmko+GH/e2mMPNXpl8QM85kPTkz4yGQp7nr0UvJVjTW+wfnkXn

FTcEGQ79fE3BMbr5wJTQX6s5kGiItnCRqbAwzkppoE7VVhzXCtrhVi8ZVcj5x2zB

TIEPGhp1oqS0sdHhow5tOwzml1ihAOveE8eOmY+J/96Tzo01IpQPUWMqaHk3qntE

kFtvPgx0YnA0ePQ0FWSY4sbPERW9TkZnJrzNKALMkdWCAi7e2p+/tMfn02+KavcL

Dsx2jDLqeM8E6zRXma42

=6fmS

-----END PGP SIGNATURE-----