Univention Bugzilla – Bug 35874
curl: Multiple issues (3.2)
Last modified: 2014-10-30 14:13:41 CET
Information leak in cookie handling (CVE-2014-3613, CVE-2014-3620)
(In reply to Moritz Muehlenhoff from comment #0) > Information leak in cookie handling (CVE-2014-3613, CVE-2014-3620) CVE-2014-3620 only affects versions 7.31.0 and later
Tests (amd64): OK Advisory: 2014-10-16-curl.yaml
OK: announce_errata -V 2014-10-16-curl.yaml OK: 2014-10-16-curl.yaml FYI: "curl" is more then just a "HTTP lib": it supports DICT, FILE, FTP, FTPS, Gopher, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, Telnet and TFTP. OK: /usr/share/doc/libcurl3/changelog.Debian.gz OK: CVE-2014-3620 not affected OK: dpkg-query -W libcurl\* curl OK: amd64 i386 OK: curl https://www.univention.de/ OK: curl ftp://ftp.kernel.org/ OK: curl http://$USER:$PASSWORD@$HOST/$PATH/ OK: curl imaps://$USER:$PASSWORD@$HOST/
http://errata.univention.de/ucs/3.2/228.html