[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1937-1] httpie security update

Package        : httpie
Version        : 0.8.0-1+deb8u1
CVE ID         : CVE-2019-10751
Debian Bug     : 940058

An open redirect, that allows an attacker to write an arbitrary file with
supplied filename and content to the current directory, by redirecting a
request from HTTP to a crafted URL pointing to a server in his or hers control,
was found and reported in CVE-2019-10751.
This was patched upstream and so when `--download` without `--output` results
in a redirect, now only the initial URL is considered, not the final one.

For Debian 8 "Jessie", this problem has been fixed in version

We recommend that you upgrade your httpie packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: PGP signature

Reply to: