[SECURITY] [DLA 134-1] curl security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : curl
Version        : 7.21.0-2.1+squeeze11
CVE ID         : CVE-2014-8150

Andrey Labunets of Facebook discovered that cURL, a URL transfer
library, fails to properly handle URLs with embedded end-of-line
characters. An attacker able to make an application using libcurl
access a specially crafted URL via an HTTP proxy could use this flaw to
issue additional requests in a way that was not intended, or to insert
additional request headers into the request.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
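
A pre-flight check an application could apply to untrusted URLs before passing them to libcurl, as an added example that is not part of the advisory or of curl's own code. The function and verdict names are hypothetical; rejecting percent-encoded CR/LF and other control bytes goes beyond the raw end-of-line case the advisory describes and assumes some layer may decode the URL first.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Verdict names are hypothetical, chosen for this example. */
enum url_verdict { URL_OK, URL_RAW_EOL, URL_ENCODED_EOL, URL_CONTROL_CHAR };

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(unsigned char c)
{
    if (isdigit(c)) return c - '0';
    c = (unsigned char)tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/*
 * Scan an untrusted URL before it is handed to libcurl.
 * Raw CR/LF is the case the advisory describes. Percent-encoded CR/LF is
 * rejected on the assumption that another layer may decode the URL first.
 * Other control bytes are rejected as a stricter local policy.
 */
enum url_verdict check_url(const char *url)
{
    size_t len = strlen(url);
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)url[i];
        if (c == '\r' || c == '\n')
            return URL_RAW_EOL;
        if (c < 0x20 || c == 0x7f)
            return URL_CONTROL_CHAR;
        if (c == '%' && i + 2 < len) {
            int hi = hexval((unsigned char)url[i + 1]);
            int lo = hexval((unsigned char)url[i + 2]);
            int byte = (hi < 0 || lo < 0) ? -1 : ((hi << 4) | lo);
            if (byte == '\r' || byte == '\n')
                return URL_ENCODED_EOL;
        }
    }
    return URL_OK;
}

int main(void)
{
    /* Constructed sample URLs, not taken from the advisory. */
    const char *samples[] = { "http://example.com/index.html",
                              "http://example.com/a\r\nX-Extra: 1",
                              "http://example.com/a%0d%0aX-Extra: 1" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu -> verdict %d\n", i, check_url(samples[i]));
    return 0;
}
```

The check complements, and does not replace, installing the fixed package version listed above.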

