
Re: [SECURITY] [DSA 3455-1] curl security update



Hi,

I notice that there are no fixes for oldstable. Is oldstable not
affected by this security issue?

All the best,
Wolfgang

On Wednesday, 27.01.2016, at 12:16 +0000, Alessandro Ghedini wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-3455-1                   security@debian.org
> https://www.debian.org/security/                       Alessandro Ghedini
> January 27, 2016                      https://www.debian.org/security/faq
> -------------------------------------------------------------------------
> 
> Package        : curl
> CVE ID         : CVE-2016-0755
> 
> Isaac Boukris discovered that cURL, an URL transfer library, reused
> NTLM-authenticated proxy connections without properly making sure that
> the connection was authenticated with the same credentials as set for
> the new transfer. This could lead to HTTP requests being sent over the
> connection authenticated as a different user.
> 
> For the stable distribution (jessie), this problem has been fixed in
> version 7.38.0-4+deb8u3.
> 
> For the unstable distribution (sid), this problem has been fixed in
> version 7.47.0-1.
> 
> We recommend that you upgrade your curl packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
> 
> Mailing list: debian-security-announce@lists.debian.org
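
The reuse flaw described in the quoted advisory, as an added example that is not part of the original message and is not curl's own code: a simplified C model of a connection pool with a host-only reuse check beside one that also compares proxy credentials. The struct and function names, the host and the credentials are all assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified model of a pooled proxy connection. NTLM
   authenticates the connection itself, so the pool entry remembers
   which credentials completed the handshake. */
struct conn    { const char *host, *user, *pass; bool ntlm_authed; };
struct request { const char *host, *user, *pass; };

/* Constructed sample: one pooled connection authenticated as "alice". */
static const struct conn sample_pool[] = {
    { "proxy.example", "alice", "alice-pw", true },
};

static bool same(const char *a, const char *b) {
    return (a && b) ? strcmp(a, b) == 0 : a == b;
}

/* Flawed check: any transfer to the same proxy may reuse the connection. */
bool can_reuse_host_only(const struct conn *c, const struct request *r) {
    return same(c->host, r->host);
}

/* Hardened check: an NTLM-authenticated connection is reused only when
   the new transfer is set up with the same proxy credentials. */
bool can_reuse_checked(const struct conn *c, const struct request *r) {
    if (!same(c->host, r->host)) return false;
    if (!c->ntlm_authed) return true;  /* no per-connection identity held */
    return same(c->user, r->user) && same(c->pass, r->pass);
}

/* Returns the first reusable connection, or NULL to force a new one. */
const struct conn *pick(const struct conn *pool, size_t n,
                        const struct request *r,
                        bool (*ok)(const struct conn *, const struct request *)) {
    for (size_t i = 0; i < n; i++)
        if (ok(&pool[i], r)) return &pool[i];
    return NULL;
}

int main(void) {
    struct request bob = { "proxy.example", "bob", "bob-pw" };
    printf("host-only: bob reuses alice's connection: %s\n",
           pick(sample_pool, 1, &bob, can_reuse_host_only) ? "yes" : "no");
    printf("checked:   bob reuses alice's connection: %s\n",
           pick(sample_pool, 1, &bob, can_reuse_checked) ? "yes" : "no");
    return 0;
}
```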


