Bug 38352

Summary: curl: Multiple issues (4.0)
Product: UCS Reporter: Arvid Requate <requate>
Component: Security updatesAssignee: Janek Walkenhorst <walkenhorst>
Status: CLOSED FIXED QA Contact: Philipp Hahn <hahn>
Severity: normal    
Priority: P3 CC: gohmann
Version: UCS 4.0Flags: requate: Patch_Available+
Target Milestone: UCS 4.0-2-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional): Security
Max CVSS v3 score:

Description Arvid Requate univentionstaff 2015-04-24 12:11:34 CEST 
New issues fixed in 7.26.0-1+wheezy13:

* Re-using authenticated connection when unauthenticated (CVE-2015-3143)
* Negotiate not treated as connection-oriented (CVE-2015-3148)
Comment 1 Arvid Requate univentionstaff 2015-06-03 11:20:38 CEST 
Followup to Bug 36468
Comment 2 Janek Walkenhorst univentionstaff 2015-06-04 19:23:51 CEST 
Tests (i386): OK
Advisory: 2015-06-04-curl.yaml
Comment 3 Philipp Hahn univentionstaff 2015-06-15 11:08:46 CEST 
OK: amd64 i386
OK: apt-cache policy curl
OK: aptitude install '?source-package(^curl$)~i'
OK: zless /usr/share/doc/curl/changelog.Debian.gz
OK: curl -v http://docs.univention.de/
OK: curl -v https://www.univention.de/
OK: http_proxy=http://127.0.0.1:80 curl -v http://docs.univention.de/
OK: https_proxy=http://127.0.0.1:80 curl -v https://www.univention.de/
FIXED: 2015-06-04-curl.yaml → r61250
OK: CVE-2015-3143 CVE-2015-3148
OK: errata-announce -V 2015-06-04-curl.yaml
Comment 4 Janek Walkenhorst univentionstaff 2015-06-17 18:13:13 CEST 
<http://errata.univention.de/ucs/4.0/213.html>