It was discovered that curl, a client and library to get files from servers using HTTP, HTTPS or FTP, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field. For the oldstable distribution , this problem has been fixed in version 7.15.5-1etch3. For the stable distribution , this problem has been fixed in version 7.18.2-8lenny3. For the testing and unstable distribution, this problem will be fixed soon. We recommend that you upgrade your curl packages.