[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 625-1] curl security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : curl
Version        : 7.26.0-1+wheezy16
CVE ID         : CVE-2016-7167
Debian Bug     : 837945


It was discovered that the four four libcurl functions curl_escape(),
curl_easy_escape(), curl_unescape and curl_easy_unescape accepted
negative sting length inputs.

For Debian 7 "Wheezy", these problems have been fixed in version
7.26.0-1+wheezy16.

We recommend that you upgrade your curl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -- 
Jonas Meurer

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJX3YtGAAoJEFJi5/9JEEn+pD8P/0jQ3VQelOZjGYQkqVvUTJnk
Q95yyCjHakcwUctltuc0UIeY82gowf7BzL/a2pkT4nu2fwjAwukXBwe3HjFPsbWr
LDAmbQ0x2Aihwo1Kl1VLg2ZPa98bxLhDDdo/b4aHqZ1t7/zLSAhEjVlBWOZhqXpP
Cpf0j3CnYQrJpG3U4fRjVFtEUWGcQGXjk9e1woTQqMbiSWO1kTG5l+B8Zp5RJuQ3
zk+OX8nHRMt2g769d6o9oxgf63rkt2i16X9C/1KW9lp9iz1vhPqRSygFnnYhdrSl
gga2ZUA+txn27lb+JEvxIS5ul/Y0rrOzXcfkifbpX5ZlzFc3ynAbAKZ5wOeAU38N
QhjWUxLnIQTkj5b7waHq0S9Ozpl08TfqetDFcKoLFXfi28VDLKdfayJ5a5ERaF58
gfPYY1h6y1AKGDkn8EqTbtN273BXOwwSdbxgiPMb5MdZ+r3vLHrgtSXseLAMMNNz
jUyWH94Rr1wZJ0zoYq2grgmXKbzvkK9GSKMc01rl05e7VdMFsLZ3phls8LWwPo8e
nwaNSHwO0zUoH+A6ieN2EWqmIqzlFATwVaYEOTwe/2XdutZbINGY0rpBQBrMztXB
c4K/Bgx9ACnuQI1tcJmshVNFziLhu0rzkKb7v7oi4Mu0oA5dZrni+fxl7E6pMRV7
3y2kFlqC9Q5G2UYR21p6
=ikYg
-----END PGP SIGNATURE-----


Reply to: