1
PublicDateAtUSN: 2013-04-12 15:00:00 UTC
2
Candidate: CVE-2013-1944
3
CRD: 2013-04-12 15:00:00 UTC
6
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1944
7
http://curl.haxx.se/docs/adv_20130412.html
8
https://usn.ubuntu.com/usn/usn-1801-1
10
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does
11
not properly match the path domain when sending cookies, which allows
12
remote attackers to steal cookies via a matching suffix in the domain of a
18
Discovered-by: YAMADA Yasuharu
22
upstream: http://curl.haxx.se/curl-tailmatch.patch
23
upstream_curl: released (7.30.0)
24
hardy_curl: released (7.18.0-1ubuntu2.4)
25
lucid_curl: released (7.19.7-1ubuntu1.2)
26
oneiric_curl: released (7.21.6-3ubuntu3.3)
27
precise_curl: released (7.22.0-3ubuntu4.1)
28
quantal_curl: released (7.27.0-1ubuntu1.2)
29
devel_curl: released (7.29.0-1ubuntu3)