[ubuntu/trusty-security] curl 7.35.0-1ubuntu2.5 (Accepted)

Thu, 30 Apr 2015 06:08:51 -0700 

curl (7.35.0-1ubuntu2.5) trusty-security; urgency=medium

  * SECURITY UPDATE: NTLM connection reuse when unauthenticated
    - debian/patches/CVE-2015-3143.patch: require credentials to match in
      lib/url.c.
    - CVE-2015-3143
  * SECURITY UPDATE: cookie parser out of boundary memory access
    - debian/patches/CVE-2015-3145.patch: properly handle a single double
      quote in lib/cookie.c.
    - CVE-2015-3145
  * SECURITY UPDATE: negotiate not treated as connection-oriented
    - debian/patches/CVE-2015-3148.patch: don't clear GSSAPI state between
      each exchange and close Negotiate connections when done in
      lib/http.c, lib/http_negotiate.c, lib/http_negotiate_sspi.c.
    - CVE-2015-3148

Date: 2015-04-29 18:47:15.341843+00:00
Changed-By: Marc Deslauriers <[email protected]>
https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.5

Sorry, changesfile not available.
-- 
Trusty-changes mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/trusty-changes

Reply via email to