On Sat, Feb 11, 2012 at 02:04:01PM +0100, Alessandro Ghedini wrote:
> On Fri, Feb 10, 2012 at 08:23:24PM +0100, Kurt Roeckx wrote:
> > On Fri, Feb 10, 2012 at 10:15:44AM +0100, Alessandro Ghedini wrote:
> > > On Sat, Feb 04, 2012 at 10:45:59PM +0100, Kurt Roeckx wrote:
> > > > Having SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS disabled by default
> > > > would be fine if I had the option to turn it on. In that case
> > > > it's my decision to ignore the security consequences.
> > >
> > > This has been fixed upstream now (commits 2a699bc6 and 62d15f15).
> >
> > Do you plan to upload this to stable-proposed-updates?
>
> Yep, once curl 7.25.0 is released and uploaded to unstable (as Julian said
> I'll prepare another upload for security).
We should fix this through stable-security. Please send a debdiff once
the fix has been testing in unstable for a few days.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
