Rép: [SECURITY] [DLA 64-1] curl security update
Thorsten Alteholz <debian@alteholz.de> a écrit :
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Package : curl
>Version : 7.21.0-2.1+squeeze9
>CVE ID : CVE-2014-3613
>
>CVE-2014-3613
>
> By not detecting and rejecting domain names for partial literal IP
> addresses properly when parsing received HTTP cookies, libcurl can
> be fooled to both sending cookies to wrong sites and into allowing
> arbitrary sites to set cookies for others.
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.6 (GNU/Linux)
>
>iD8DBQFUJdxJ02K2KlS5mJARAmBJAJ9jbDTVo33TmIGql11widBKqbiEkQCcDIOa
>lzNACgkjxqzmxOlFTf/mpCw=
>=IOwU
>-----END PGP SIGNATURE-----
>
>
>--
>To UNSUBSCRIBE, email to debian-lts-announce-request@lists.debian.org
>with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>Archive: https://lists.debian.org/Pine.LNX.4.64.1409262333180.2943@tor.gallien.in-chemnitz.de
>
>
Reply to: