New Debian curl 7.38.0-4+deb8u12 fixes: This update addresses the following issue: * NTLM password overflow via integer overflow (CVE-2018-14618)
--- mirror/ftp/4.2/unmaintained/component/4.2-4-errata/source/curl_7.38.0-4+deb8u11.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/curl_7.38.0-4+deb8u12.dsc @@ -1,3 +1,8 @@ +7.38.0-4+deb8u12 [Sat, 08 Sep 2018 11:55:45 +0100] Chris Lamb <lamby@debian.org>: + + * Fix an NTLM password overflow via integer overflow as per CVE-2018-14618 + https://curl.haxx.se/docs/CVE-2018-14618.html. + 7.38.0-4+deb8u11 [Tue, 15 May 2018 23:05:31 +0100] Alessandro Ghedini <ghedo@debian.org>: * Fix heap buffer over-read when parsing bad RTSP headers <http://10.200.17.11/4.2-4/#580695000924232744>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-4] 21d4bbf351 Bug #47772: curl 7.38.0-4+deb8u12 doc/errata/staging/{gdm3.yaml => curl.yaml} | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) [4.2-4] a83b14745d Bug #47761: gdm3 3.14.1-7+deb8u1 .../2018-08-15-linux-base.yaml => staging/gdm3.yaml} | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) [4.2-4] ba5e346e94 Bug #47544: linux-base ANNOUNCE .../{staging/linux-base.yaml => published/2018-08-15-linux-base.yaml} | 2 ++ 1 file changed, 2 insertions(+)
<http://errata.software-univention.de/ucs/4.2/507.html>