mutt (1.5.24-1ubuntu0.4) xenial-security; urgency=medium
* SECURITY UPDATE: Man-in-the-middle attack
- debian/patches/CVE-2020-14954.patch: fix STARTTLS response injection
attack clearing the CONNECTION input buffer in mutt_ssl_starttls() in
mutt_socket.c, mutt_socket.h, mutt_ssl
mutt (1.5.24-1ubuntu0.4) xenial-security; urgency=medium
* SECURITY UPDATE: Man-in-the-middle attack
- debian/patches/CVE-2020-14954.patch: fix STARTTLS response injection
attack clearing the CONNECTION input buffer in mutt_ssl_starttls() in
mutt_socket.c, mutt_socket.h, mutt_ssl
apache2 (2.4.18-2ubuntu3.15) xenial; urgency=medium
* d/p/lp-1875299-Merge-r1688399-from-trunk.patch: use r_useragent_addr as
the root trusted address (LP: #1875299)
Date: Mon, 15 Jun 2020 16:09:55 +0200
Changed-By: Christian Ehrhardt
Maintainer: Ubuntu Developers
https://launchpad.net/ub
curl (7.47.0-1ubuntu2.15) xenial-security; urgency=medium
* SECURITY UPDATE: curl overwrite local file with -J
- debian/patches/CVE-2020-8177.patch: -i is not OK if -J is used in
src/tool_cb_hdr.c, src/tool_getparam.c.
- CVE-2020-8177
Date: 2020-06-17 22:05:13.138206+00:00
Changed
curl (7.47.0-1ubuntu2.15) xenial-security; urgency=medium
* SECURITY UPDATE: curl overwrite local file with -J
- debian/patches/CVE-2020-8177.patch: -i is not OK if -J is used in
src/tool_cb_hdr.c, src/tool_getparam.c.
- CVE-2020-8177
Date: 2020-06-17 22:05:13.138206+00:00
Changed
