CVE-2007-3564

Name	CVE-2007-3564
Description	libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1333-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
curl (PTS)	bullseye	7.74.0-1.3+deb11u13	fixed
	bullseye (security)	7.74.0-1.3+deb11u14	fixed
	bookworm	7.88.1-10+deb12u8	fixed
	bookworm (security)	7.88.1-10+deb12u5	fixed
	sid, trixie	8.11.0-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
curl	source	etch	7.15.5-1etch1		DSA-1333-1
curl	source	(unstable)	7.16.4-1	low