Viewing all changes in revision 14.
- Committer: Bazaar Package Importer
- Date: 2007-10-17 15:26:20 UTC
- Revision ID: james.westby@ubuntu.com-20071017152620-zm2f9xmvb82p7jp0
* SECURITY UPDATE: denial of service via multiple HTTPS redirects
* debian/patches/28_SECURITY_LP153697.dpatch: set SSL context and SSL
connection to NULL in np_net_ssl_cleanup()
* SECURITY UPDATE: denial of service via multiple redirects
* debian/patches/29_SECURITY_LP153703.dpatch: fix off-by-one error to
re-allocate the proper amount of memory in redir()
* SECURITY UPDATE: denial of service and possible arbitrary code execution
as the user in check_http.c via crafted Location Header
* debian/patches/30_SECURITY_CVE-2007-5198.dpatch: properly validate
Location header in redir(). Thanks to Luca Falavigna for preliminary
patches.
* References
LP: #153697
LP: #153703
CVE-2007-5198
LP: #152624
* Modify Maintainer value to match the DebianMaintainerField
specification.
* debian/patches/28_SECURITY_LP153697.dpatch: set SSL context and SSL
connection to NULL in np_net_ssl_cleanup()
* SECURITY UPDATE: denial of service via multiple redirects
* debian/patches/29_SECURITY_LP153703.dpatch: fix off-by-one error to
re-allocate the proper amount of memory in redir()
* SECURITY UPDATE: denial of service and possible arbitrary code execution
as the user in check_http.c via crafted Location Header
* debian/patches/30_SECURITY_CVE-2007-5198.dpatch: properly validate
Location header in redir(). Thanks to Luca Falavigna for preliminary
patches.
* References
LP: #153697
LP: #153703
CVE-2007-5198
LP: #152624
* Modify Maintainer value to match the DebianMaintainerField
specification.
expand all
collapse all
added
removed
