[ubuntu/vivid-updates] curl 7.38.0-3ubuntu2.2 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Apr 30 13:28:20 UTC 2015
curl (7.38.0-3ubuntu2.2) vivid-security; urgency=medium

  * SECURITY UPDATE: NTLM connection reuse when unauthenticated
    - debian/patches/CVE-2015-3143.patch: require credentials to match in
      lib/url.c.
    - CVE-2015-3143
  * SECURITY UPDATE: host name out of boundary memory access
    - debian/patches/CVE-2015-3144.patch: check for valid length in
      lib/url.c.
    - CVE-2015-3144
  * SECURITY UPDATE: cookie parser out of boundary memory access
    - debian/patches/CVE-2015-3145.patch: properly handle a single double
      quote in lib/cookie.c.
    - CVE-2015-3145
  * SECURITY UPDATE: negotiate not treated as connection-oriented
    - debian/patches/CVE-2015-3148.patch: close Negotiate connections when
      done in lib/http.c.
    - CVE-2015-3148
  * SECURITY UPDATE: sensitive HTTP server headers disclosure to proxies
    - debian/patches/CVE-2015-3153.patch: make HTTP headers separated in
      docs/libcurl/opts/CURLOPT_HEADEROPT.3, lib/url.c,
      tests/data/test1527, tests/data/test287, tests/libtest/lib1527.c.
    - CVE-2015-3153
Date: 2015-04-29 14:59:12.739166+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/curl/7.38.0-3ubuntu2.2