[Fwd: [Bug 1234] New: Security flaws in cURL 7.13.0]

Dan Osterrath Dan.Osterrath at gmx.de
Wed Feb 23 23:51:32 PST 2005


PS: What a nice bug id. Any awards for me? ;-)

-------- Original Message --------
Subject: 	[Bug 1234] New: Security flaws in cURL 7.13.0
Date: 	Thu, 24 Feb 2005 00:23:16 -0700 (MST)
From: 	blfs-bugs at linuxfromscratch.org
Reply-To: 	BLFS Book Maintenance List <blfs-book at linuxfromscratch.org>
To: 	blfs-book at linuxfromscratch.org


           Summary: Security flaws in cURL 7.13.0
           Product: Beyond LinuxFromScratch
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P1
         Component: BOOK
        AssignedTo: blfs-book at linuxfromscratch.org
        ReportedBy: Dan.Osterrath at gmx.de
         QAContact: blfs-book at linuxfromscratch.org

There are two security leaks in the current version of cURL.

iDefense only verified version 7.12.1 but the cURL news page doesn't state
explicitly that 7.13.0 is clean.

Unfortunately there seems to be only one official patch for the first issue
(NTLM authentication).
The date of revision 1.36 confirms the suspicion that even the current version
is affected.

The second issue (kerberos authentication) seems to be still unpatched. At least
there is a suggestion on the website from iDefense. (see upper links)
