[SECURITY] [DLA 64-1] curl security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 64-1] curl security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Fri, 26 Sep 2014 23:36:05 +0200 (CEST)
Message-id: <[🔎] Pine.LNX.4.64.1409262333180.2943@tor.gallien.in-chemnitz.de>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package        : curl
Version        : 7.21.0-2.1+squeeze9
CVE ID         : CVE-2014-3613

CVE-2014-3613

     By not detecting and rejecting domain names for partial literal IP
     addresses properly when parsing received HTTP cookies, libcurl can
     be fooled to both sending cookies to wrong sites and into allowing
     arbitrary sites to set cookies for others.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFUJdxJ02K2KlS5mJARAmBJAJ9jbDTVo33TmIGql11widBKqbiEkQCcDIOa
lzNACgkjxqzmxOlFTf/mpCw=
=IOwU
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 63-1] bash security update
Next by Date: [SECURITY] [DLA 65-1] python-django security update
Previous by thread: [SECURITY] [DLA 63-1] bash security update
Next by thread: [SECURITY] [DLA 65-1] python-django security update
Index(es):
- Date
- Thread