Hi,
I need to confirm if the CVE-2014-0139 fix is in libcurl. Normally we do this by checking the rpm changelog for CVEs; it did find CVE-2014-0138, but I can't get confirmation for 0139. I see lots of comments about fixes that were checked into GitHub and showing actual lines added, but nothing in the changelog, so I can't confirm it.

# cat /etc/centos-release
CentOS release 6.6 (Final)

# rpm -qa | grep curl
libcurl-7.19.7-40.el6_6.4.x86_64
python-pycurl-7.19.0-8.el6.x86_64
curl-7.19.7-40.el6_6.4.x86_64

# rpm -q libcurl --changelog | egrep "CVE-2014-0138|CVE-2014-0139"
- fix connection re-use when using different log-in credentials (CVE-2014-0138)

# rpm -q curl --changelog | egrep "CVE-2014-0138|CVE-2014-0139"
- fix connection re-use when using different log-in credentials (CVE-2014-0138)


Note: CentOS rpm versions don't match the Red Hat rpm versions; that's why we use
the changelog to check for the fix.

Thanks for any help!

-->Pat
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
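
The changelog check described in the message above, as an added example that is not part of the original post: a shell function that reports each CVE id separately, so an id with no changelog entry shows up explicitly instead of being silently absent from the grep output. The function name and the sample changelog are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# cve_changelog_report: read an RPM changelog on stdin and report, for each
# CVE id given as an argument, whether any changelog line mentions it.
# Returns the number of ids that were not found (0 = all listed).
cve_changelog_report() {
    changelog=$(cat)
    missing=0
    for cve in "$@"; do
        # -F: literal match; -w: whole word, so CVE-2014-0139 does not
        # match a longer id such as CVE-2014-01390
        hit=$(printf '%s\n' "$changelog" | grep -F -w -- "$cve" | head -n 1)
        if [ -n "$hit" ]; then
            printf '%s listed: %s\n' "$cve" "$hit"
        else
            printf '%s not listed\n' "$cve"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample changelog: the CVE-2014-0138 entry line is copied from
# the post; the header line and the last entry are made up for the example.
SAMPLE_CHANGELOG='* Thu Jan 01 2015 Example Packager <packager@example.invalid> - 0.0.0-0
- fix connection re-use when using different log-in credentials (CVE-2014-0138)
- unrelated constructed entry'

# On a live system (assumes rpm is installed):
#   rpm -q libcurl --changelog | cve_changelog_report CVE-2014-0138 CVE-2014-0139
```

A "not listed" result only says that no changelog entry names that id; it does not by itself show whether the package is affected or patched.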
