shellinabox (2.14-1ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: Disable HTTP fallback using the URL /plain.
Consequently disables automatic upgrades from HTTP to HTTPS.
- Thanks to Stephen Roettger for finding the bug.
- Thanks to Luka Krajger for writing the fix.
- Fixes CVE-2015-8400
Date: 2016-08-24 21:56:17.310309+00:00
Changed-By: Emily Ratliff <[email protected]>
Signed-By: Tyler Hicks <[email protected]>
https://launchpad.net/ubuntu/+source/shellinabox/2.14-1ubuntu0.1
Sorry, changesfile not available.
--
Trusty-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/trusty-changes
