~ubuntu-branches/ubuntu/trusty/curl/trusty-security

Viewing all changes in revision 80.

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2015-04-29 14:03:00 UTC
  • Revision ID: package-import@ubuntu.com-20150429140300-tgmexcuwth14p3gg
Tags: 7.35.0-1ubuntu2.5
* SECURITY UPDATE: NTLM connection reuse when unauthenticated
  - debian/patches/CVE-2015-3143.patch: require credentials to match in
    lib/url.c.
  - CVE-2015-3143
* SECURITY UPDATE: cookie parser out of boundary memory access
  - debian/patches/CVE-2015-3145.patch: properly handle a single double
    quote in lib/cookie.c.
  - CVE-2015-3145
* SECURITY UPDATE: negotiate not treated as connection-oriented
  - debian/patches/CVE-2015-3148.patch: don't clear GSSAPI state between
    each exchange and close Negotiate connections when done in
    lib/http.c, lib/http_negotiate.c, lib/http_negotiate_sspi.c.
  - CVE-2015-3148

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: