~ubuntu-branches/ubuntu/quantal/curl/quantal-security

Viewing all changes in revision 70.

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2014-04-01 09:59:44 UTC
  • Revision ID: package-import@ubuntu.com-20140401095944-xoks2frfilnas8m9
Tags: 7.27.0-1ubuntu1.9
* SECURITY UPDATE: wrong re-use of connections
  - debian/patches/CVE-2014-0138.patch: fix possible issues with NTLM
    HTTP logic, and extend new connection logic to other protocols in
    lib/http.c, lib/url.c, lib/urldata.h, add new tests to
    tests/data/Makefile.am, tests/data/test1418, tests/data/test1419.
  - CVE-2014-0138
* SECURITY UPDATE: incorrect wildcard SSL certificate validation with
  literal IP addresses
  - debian/patches/CVE-2014-0139.patch: fix wildcard logic in
    lib/ssluse.c.
  - CVE-2014-0139
* debian/patches/fix_test172.path: fix expired cookie causing test to
  fail.
* debian/patches/disable_test519.path: disable test 519 as security
  update causes it to hang. Fixing this would require backporting new
  logic into tests/server/sws.c.

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: