Rép: [SECURITY] [DLA 64-1] curl security update

To: debian-lts@lists.debian.org
Subject: Rép: [SECURITY] [DLA 64-1] curl security update
From: "sylvain.gros-desormeaux" <sylvain.gros-desormeaux@knowledge-technology.fr>
Date: Sat, 27 Sep 2014 20:07:51 -0400
Message-id: <[🔎] 9t3tj8dct23yr05ep78fhsuj.1411862871680@email.android.com>


Thorsten Alteholz <debian@alteholz.de> a écrit :

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Package        : curl
>Version        : 7.21.0-2.1+squeeze9
>CVE ID         : CVE-2014-3613
>
>CVE-2014-3613
>
>      By not detecting and rejecting domain names for partial literal IP
>      addresses properly when parsing received HTTP cookies, libcurl can
>      be fooled to both sending cookies to wrong sites and into allowing
>      arbitrary sites to set cookies for others.
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.6 (GNU/Linux)
>
>iD8DBQFUJdxJ02K2KlS5mJARAmBJAJ9jbDTVo33TmIGql11widBKqbiEkQCcDIOa
>lzNACgkjxqzmxOlFTf/mpCw=
>=IOwU
>-----END PGP SIGNATURE-----
>
>
>-- 
>To UNSUBSCRIBE, email to debian-lts-announce-request@lists.debian.org
>with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>Archive: https://lists.debian.org/Pine.LNX.4.64.1409262333180.2943@tor.gallien.in-chemnitz.de
>
>

Reply to:

Prev by Date: Bug#763339: lintian: please recognize "squeeze-lts" as suite
Previous by thread: Bug#763339: lintian: please recognize "squeeze-lts" as suite
Index(es):
- Date
- Thread