- Committer: Package Import Robot
- Author(s): Marc Deslauriers
- Date: 2015-04-29 10:23:26 UTC
- Revision ID: package-import@ubuntu.com-20150429102326-8ybf0cqvdjnk33yf
Tags: 7.37.1-1ubuntu3.4
  * SECURITY UPDATE: NTLM connection reuse when unauthenticated
    - debian/patches/CVE-2015-3143.patch: require credentials to match in
      lib/url.c.
    - CVE-2015-3143
  * SECURITY UPDATE: host name out of boundary memory access
    - debian/patches/CVE-2015-3144.patch: check for valid length in
      lib/url.c.
    - CVE-2015-3144
  * SECURITY UPDATE: cookie parser out of boundary memory access
    - debian/patches/CVE-2015-3145.patch: properly handle a single double
      quote in lib/cookie.c.
    - CVE-2015-3145
  * SECURITY UPDATE: negotiate not treated as connection-oriented
    - debian/patches/CVE-2015-3148.patch: don't clear GSSAPI state between
      each exchange and close Negotiate connections when done in
      lib/http.c, lib/http_negotiate.c, lib/http_negotiate_sspi.c.
    - CVE-2015-3148
  * SECURITY UPDATE: sensitive HTTP server headers disclosure to proxies
    - debian/patches/CVE-2015-3153.patch: make HTTP headers separated in
      docs/libcurl/opts/CURLOPT_HEADEROPT.3, lib/url.c,
      tests/data/test1527, tests/data/test287, tests/libtest/lib1527.c.
    - CVE-2015-3153