[ubuntu/trusty-security] curl 7.35.0-1ubuntu2.5 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Apr 30 13:07:51 UTC 2015
curl (7.35.0-1ubuntu2.5) trusty-security; urgency=medium
* SECURITY UPDATE: NTLM connection reuse when unauthenticated
- debian/patches/CVE-2015-3143.patch: require credentials to match in
lib/url.c.
- CVE-2015-3143
* SECURITY UPDATE: cookie parser out of boundary memory access
- debian/patches/CVE-2015-3145.patch: properly handle a single double
quote in lib/cookie.c.
- CVE-2015-3145
* SECURITY UPDATE: negotiate not treated as connection-oriented
- debian/patches/CVE-2015-3148.patch: don't clear GSSAPI state between
each exchange and close Negotiate connections when done in
lib/http.c, lib/http_negotiate.c, lib/http_negotiate_sspi.c.
- CVE-2015-3148
Date: 2015-04-29 18:47:15.341843+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.5
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list