Control: tags -1 + confirmed On Sun, 2024-10-27 at 22:06 +0000, [email protected] wrote: > Package: release.debian.org > Control: affects -1 + src:curl > X-Debbugs-Cc: [email protected], [email protected], > [email protected] > User: [email protected] > Usertags: pu
Note that the usertagging here didn't work, so the bug was not displayed in the SRM section of the release.d.o BTS view. My guess is that the broken linewrapped X-Debbugs-CC header lead to the "[email protected]" line being treated as the first line of the body, and thus the following lines not processed as pseudo-headers. [...] > The reason is to fix CVE-2024-8096 [1], which involves improper > handling > of OCSP stapling in curl when using GnuTLS as the TLS backend. If the > OCSP status returns an error other than "revoked" (e.g., > "unauthorized"), curl fails to mark the certificate as invalid. Please go ahead. Regards, Adam
