[SECURITY] [DLA 211-1] curl security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : curl
Version : 7.21.0-2.1+squeeze12
CVE ID : CVE-2015-3143 CVE-2015-3148
Several vulnerabilities were discovered in cURL, an URL transfer library:
CVE-2015-3143
NTLM-authenticated connections could be wrongly reused for requests
without any credentials set, leading to HTTP requests being sent
over the connection authenticated as a different user. This is
similar to the issue fixed in DSA-2849-1.
CVE-2015-3148
When doing HTTP requests using the Negotiate authentication method
along with NTLM, the connection used would not be marked as
authenticated, making it possible to reuse it and send requests for
one user over the connection authenticated as a different user.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQJ8BAEBCgBmBQJVQUJTXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHn2wQAIN/WksikQmFzeWYeyfp0C63
qYs9aUV7F5mvUmP5XerOxWN6Z44+PxtuBIxEgfUwMyVZ9MrYoDEhwvGEsQaySuap
yG/S1A2mPBCb4OaKqNGvQ6f/UQeK6M0Hv1o259VmPmuNk39bsZuCyr0vp3yTbC8y
yCewDQCJroZ+BCK23otEhKNddESQ3POilt9ztIZrjEn67F1zACWAi+d/wbr+uBOD
2xULWKp1FYeHTrqE0RLRYrj80JL9wV9rYHly+QpQ6fl/6D86LeK53Kufj82KPT6p
e3wqT2QhYS6OCiBpAgPdqOxGs/m3Mdg56MVkCyXNX4JpbObEgf/krjkSxqJ1vR8x
qCR4PvuHk10fJ0ydEi0KhTzoNdi/j9bGNNxO6qhcs3psUEUfBBWJ4hmYqI8Cik6k
WQXLwQYvHTOgSu30CRaLft2YvMPXoO12sVwZBz6GS+AnUS7X1dH457fowerijurf
1XmNvU57/yBd49vS6AIFzO0vNtO2j/pFSu2Fq1S4h7Mlbv8kBJE6pw2xNECdpsCS
LkfgIOlAM6yO/CGYiughfcaEZf8EBXyRmsXIuEe+qRkdE1loVYRPl5ELFWU2s+rh
wrX2ALdoBYD0p5599EOoerF9rI2GSZBAhqENqoXyamdogoFy//N/DqRdnsKTWDQZ
ZzCZmm4dHvSm+uGoW39D
=nxFz
-----END PGP SIGNATURE-----
Reply to: