SECURITY ADVISORY: libcurl cert name check ignore
November 15 2013
libcurl is vulnerable to a case of missing out the checking of the
certificate CN or SAN name field when the digital signature verification is
Read the full Project cURL Security
Advisory for CVE-2013-4545.
In this little piece I'll explain why there won't be any version 8 of
curl and libcurl in a long time. I won't rule out that it might happen at
some point in the future. Just that it won't happen anytime soon and explain
the reasons why.
The bug-tracker on
Sourceforge that we've been using for well over a decade has been a
subject of annoyance basically since day 1. It has now gotten a facelift and
looks slightly better and possibly also works better.
The bug number sequence is modified, the mail notifications are different,
the comments are threaded etc.
Submit your bug reports and your comments to see for yourself!