Debian Security Advisory 1869-1 – It was discovered that curl, a client and library to get files from servers using HTTP, HTTPS or FTP, is vulnerable to the “Null Prefix Attacks Against SSL/TLS Certificates” recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/80529/dsa-1869-1.txt
Source: https://packetstormsecurity.com/files/80529/Debian-Linux-Security-Advisory-1869-1.html