Viewing all changes in revision 77.
- Committer: Package Import Robot
- Date: 2014-09-11 08:21:24 UTC
- Revision ID: package-import@ubuntu.com-20140911082124-3hzo21lwlip4fu49
* SECURITY UPDATE: incorrect cookie handling via partial literal IP
addresses
- debian/patches/CVE-2014-3613.patch: only use full host matches for
hosts used as IP address in lib/cookie.c, added tests to
tests/data/test1105, tests/data/test31, tests/data/test8.
- CVE-2014-3613
* SECURITY UPDATE: incorrect cookie handling for TLDs
- debian/patches/CVE-2014-3620.patch: reject incoming cookies set for
TLDs in lib/cookie.c, added test to tests/data/test61.
- CVE-2014-3620
addresses
- debian/patches/CVE-2014-3613.patch: only use full host matches for
hosts used as IP address in lib/cookie.c, added tests to
tests/data/test1105, tests/data/test31, tests/data/test8.
- CVE-2014-3613
* SECURITY UPDATE: incorrect cookie handling for TLDs
- debian/patches/CVE-2014-3620.patch: reject incoming cookies set for
TLDs in lib/cookie.c, added test to tests/data/test61.
- CVE-2014-3620
- files added:
- .pc/CVE-2014-3613.patch
- .pc/CVE-2014-3613.patch/lib
- .pc/CVE-2014-3613.patch/tests
- .pc/CVE-2014-3613.patch/tests/data
- .pc/CVE-2014-3620.patch
- .pc/CVE-2014-3620.patch/lib
- .pc/CVE-2014-3620.patch/tests
- .pc/CVE-2014-3620.patch/tests/data
- files modified:
- .pc/applied-patches
expand all
collapse all
added
removed
