Public bug reported:
The package libcurl3-7.35.0 on Ubuntu Trusty crashes when reusing a curl
handle and turning on proxy NTLM authentication. The libgit2 project is
repeatedly hitting this issue on the new Travis CI container
infrastructure, which they have recently updated to make use of Ubuntu
Trusty.
This issue stems from the backported fix to CVE-2016-0755 (NTLM: Fix
ConnectionExists to compare Proxy credentials), which introduces a null-
pointer exception when one of the proxy credentials is `NULL`. The issue
has already been fixed upstream in commit
fa5fa65a309f352284e58f52183d586886eb17ea, which should be backported to
fix the segfault. See the attached patch from Isaac Boukris.
Please consider including this patch to fix the fix for CVE-2016-0755.
** Affects: curl (Ubuntu)
Importance: Undecided
Status: New
** Attachment added: "Upstream patch"
https://bugs.launchpad.net/bugs/1707214/+attachment/4923083/+files/ntlm-segfault.patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1707214
Title:
libcurl3 crashes when reusing handle with proxy NTLM authentication
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1707214/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
