[SECURITY] [DLA 1263-1] curl security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1263-1] curl security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Mon, 29 Jan 2018 22:39:06 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.02.1801292237300.5026@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : curl
Version        : 7.26.0-1+wheezy24
CVE ID         : CVE-2018-1000007

Craig de Stigter discovered that authentication data might be leaked tothird parties when following HTTP redirects.



For Debian 7 "Wheezy", these problems have been fixed in version
7.26.0-1+wheezy24.

We recommend that you upgrade your curl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJab5R6XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHMWEP/RGjQsD+JqeMW/ysXxeJWnJO
BZ1qFqXquMYHIwtCqVMDIlTAyti+rL1hjixm/WPIcMRv0RGbMn6yXxbeEA/iKXjA
pNBcObTNhaXc/gAMdJ9KsirYOjMaFNoShIXuXlQ+HUGwPoAFDYgu+JbRLKLJWQbf
9+TPTbUmw3jteO6ERzCiCBovkuI9ddHYdHR6fK++79cw0gex9iyGaZHkTzfOq6b5
WlRijnkhj9L5Sx/YSFOqmzH2oTVdeTD2Ew0Qy6c3aCk6tNz/MMoL77sLdQ55ZCgZ
cZn69Y0XTS7wlV83+2UaR1qyhcKf0bnV7m1HCQ9v+BUe9XG5upfxFOFlAu9Xyzff
UPAg64vR/v0No+kOmyAFjlP0lH19YgZmg23hYrvLNZ4WT1lb/Aa/XiBnSSpTPZis
Wa3G7pMw9OdAPeN9c+kR9pphbEj5M0kkCVDy5UO/POzR1VCW42btuTwmy99Iw7UF
WGPa3HO/5C0DI7H7K4twNeovvXj5pC0SHpmFewAotJvNQlna+VODEVj24adlBYga
DKZolAfjrkdnPZ+D8XjkM0BXi3vCJBfqAVaBORQ0gdQS/HVOS89WNEb25vPP3Hji
tAlgtNdUJ6wkL42osl+gOiZZlcPnT4fmWLyB9FtEoEHy+bQCwSk05zp5sluylXIy
o/EKjwh/cyFsIQXO9dWE
=+Njb
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1263-1] debian-security-support update
Next by Date: [SECURITY] [DLA 1264-1] unbound security update
Previous by thread: [SECURITY] [DLA 1263-1] debian-security-support update
Next by thread: [SECURITY] [DLA 1264-1] unbound security update
Index(es):
- Date
- Thread