[ubuntu/trusty-security] shellinabox 2.14-1ubuntu0.1 (Accepted)

Tyler Hicks tyhicks at canonical.com
Wed Aug 24 22:47:21 UTC 2016

shellinabox (2.14-1ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Disable HTTP fallback using the URL /plain.
    Consequently disables automatic upgrades from HTTP to HTTPS.
    - Thanks to Stephen Roettger for finding the bug.
    - Thanks to Luka Krajger for writing the fix.
    - Fixes CVE-2015-8400

Date: 2016-08-24 21:56:17.310309+00:00
Changed-By: Emily Ratliff <emily.ratliff at canonical.com>
Signed-By: Tyler Hicks <tyhicks at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list