Re: [SECURITY] [DSA 3455-1] curl security update
Hi,
I notice that there are no fixes for oldstable. Is oldstable not
affected by this security issue?
All the best,
Wolfgang
On Wednesday, 27.01.2016, at 12:16 +0000, Alessandro Ghedini wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-3455-1 security@debian.org
> https://www.debian.org/security/ Alessandro Ghedini
> January 27, 2016 https://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> Package : curl
> CVE ID : CVE-2016-0755
>
> Isaac Boukris discovered that cURL, an URL transfer library, reused
> NTLM-authenticated proxy connections without properly making sure that
> the connection was authenticated with the same credentials as set for
> the new transfer. This could lead to HTTP requests being sent over the
> connection authenticated as a different user.
>
> For the stable distribution (jessie), this problem has been fixed in
> version 7.38.0-4+deb8u3.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 7.47.0-1.
>
> We recommend that you upgrade your curl packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
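
The connection-reuse flaw described in the quoted advisory, as an added example in C that is not part of the original thread and is not curl's code. The `conn` struct, the function names and the sample pool are hypothetical. It shows a pool lookup that matches on the proxy endpoint only beside one that also compares the credentials the connection was authenticated with.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified pooled proxy connection (hypothetical struct, not curl's). */
struct conn {
    const char *proxy;  /* proxy host:port */
    const char *user;   /* identity the NTLM handshake bound to this connection */
    const char *pass;
    bool in_use;
};

/* Flawed lookup: any idle connection to the same proxy is handed out. */
struct conn *find_flawed(struct conn *pool, size_t n, const char *proxy)
{
    for (size_t i = 0; i < n; i++)
        if (!pool[i].in_use && strcmp(pool[i].proxy, proxy) == 0)
            return &pool[i];
    return NULL;
}

/* Checked lookup: NTLM authenticates the connection itself, so the
 * credentials of the new transfer are part of the match. */
struct conn *find_checked(struct conn *pool, size_t n, const char *proxy,
                          const char *user, const char *pass)
{
    for (size_t i = 0; i < n; i++) {
        struct conn *c = &pool[i];
        if (c->in_use || strcmp(c->proxy, proxy) != 0)
            continue;
        if (strcmp(c->user, user) != 0 || strcmp(c->pass, pass) != 0)
            continue;   /* authenticated as someone else: do not reuse */
        return c;
    }
    return NULL;
}

/* Constructed sample pool: one idle connection authenticated as "alice". */
struct conn sample_pool[] = {
    { "proxy.example:3128", "alice", "alice-secret", false },
};

int main(void)
{
    /* A transfer configured for "bob" asks for a connection to the same proxy. */
    printf("flawed:  %s\n", find_flawed(sample_pool, 1, "proxy.example:3128") ? "reused" : "new");
    printf("checked: %s\n", find_checked(sample_pool, 1, "proxy.example:3128", "bob", "bob-secret") ? "reused" : "new");
    return 0;
}
```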