Univention Bugzilla – Bug 36967
curl: Multiple issues (4.0)
Last modified: 2017-10-26 13:54:47 CEST
+++ This bug was initially created as a clone of Bug #36468 +++ Information leak in curl_easy_duphandle() (CVE-2014-3707)
CVE-2014-8150 When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL.
This was fixed during the import of the Wheezy 7.8 point update in Bug 37511
UCS 4.0-1 has been released: http://docs.univention.de/release-notes-4.0-1-en.html http://docs.univention.de/release-notes-4.0-1-de.html If this error occurs again, please use "Clone This Bug".