Thorsten Alteholz <[email protected]> a écrit :
>-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Package : curl >Version : 7.21.0-2.1+squeeze9 >CVE ID : CVE-2014-3613 > >CVE-2014-3613 > > By not detecting and rejecting domain names for partial literal IP > addresses properly when parsing received HTTP cookies, libcurl can > be fooled to both sending cookies to wrong sites and into allowing > arbitrary sites to set cookies for others. >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.4.6 (GNU/Linux) > >iD8DBQFUJdxJ02K2KlS5mJARAmBJAJ9jbDTVo33TmIGql11widBKqbiEkQCcDIOa >lzNACgkjxqzmxOlFTf/mpCw= >=IOwU >-----END PGP SIGNATURE----- > > >-- >To UNSUBSCRIBE, email to [email protected] >with a subject of "unsubscribe". Trouble? Contact [email protected] >Archive: >https://lists.debian.org/[email protected] > >
