*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: links2
* SECURITY UPDATE:
+ session.c:
- Make sure links cannot bypass the proxy, if it is
configurered only to use it in order to avoid leaking
of sensitive information to external programs.
* References
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3329
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492744
** Affects: links2 (Ubuntu)
Importance: Medium
Assignee: Emanuele Gentili (emgent)
Status: Fix Released
** Affects: links2 (Ubuntu Dapper)
Importance: Undecided
Status: New
** Affects: links2 (Ubuntu Feisty)
Importance: Undecided
Status: New
** Affects: links2 (Ubuntu Gutsy)
Importance: Undecided
Status: New
** Affects: links2 (Ubuntu Hardy)
Importance: Medium
Assignee: Emanuele Gentili (emgent)
Status: In Progress
** Affects: links2 (Ubuntu Intrepid)
Importance: Medium
Assignee: Emanuele Gentili (emgent)
Status: Fix Released
** Visibility changed to: Public
--
CVE-2008-3329 Links2 when "only proxies" is selected, don't pass URLs to
external programs
https://bugs.launchpad.net/bugs/254780
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
