Package: curl
Version: 7.52.1-3
Tags: upstream
Severity: important

Using an HTTP proxy with curl that sends Transfer-Encoding or Content-Length
headers will make curl output an error message and close the connection.

According to RFC 7231 section 4.3.6 "A client MUST ignore any Content-Length or
Transfer-Encoding header fields received in a successful response to CONNECT."

This means, even though the server itself is not RFC-compatible, the curl client
must ignore those headers.

The bug was reported to upstream[1] and a patch already exists[2].

 [1]: https://github.com/curl/curl/issues/1317
 [2]: https://github.com/curl/curl/commit/ec1d0ed1c14d1b2ed06d8914c19b3df2da575005

-- System Information:
Debian Release: 9.0
 APT prefers testing
 APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages curl depends on:
ii  libc6     2.24-9
ii  libcurl3  7.52.1-3
ii  zlib1g    1:1.2.8.dfsg-5

curl recommends no packages.

curl suggests no packages.

-- no debconf information
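
The rule quoted from RFC 7231 section 4.3.6, as an added example that is not part of the original report and is not curl's own code: a small C routine that reads a proxy's CONNECT reply and ignores Content-Length and Transfer-Encoding on a 2xx status while still honouring them on a failure reply. The names `connect_reply`, `parse_connect_reply` and `SAMPLE_REPLY` are hypothetical, and the sample reply is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* How a client should treat a proxy's reply to CONNECT (hypothetical type). */
struct connect_reply {
    int status;          /* HTTP status code, -1 if the head is malformed */
    int tunnel_open;     /* 1 for 2xx: tunnel data starts right after the head */
    int ignored_framing; /* framing header fields ignored on a 2xx reply */
    long body_len;       /* non-2xx only: body bytes to read, -1 = Transfer-Encoding */
    size_t head_len;     /* bytes in the head, including the blank line */
};

/* Constructed sample: a proxy that wrongly adds framing headers to a 200. */
static const char SAMPLE_REPLY[] =
    "HTTP/1.1 200 Connection established\r\n"
    "Transfer-Encoding: chunked\r\n"
    "Content-Length: 0\r\n\r\n";

struct connect_reply parse_connect_reply(const char *buf)
{
    struct connect_reply r = { -1, 0, 0, 0, 0 };
    const char *end = strstr(buf, "\r\n\r\n");
    if (!end || sscanf(buf, "HTTP/1.%*1d %3d", &r.status) != 1)
        return r;                         /* incomplete or malformed head */
    r.head_len = (size_t)(end - buf) + 4;
    r.tunnel_open = (r.status >= 200 && r.status < 300);
    for (const char *line = strstr(buf, "\r\n") + 2; line < end + 2;
         line = strstr(line, "\r\n") + 2) {
        int is_cl = strncasecmp(line, "Content-Length:", 15) == 0;
        int is_te = strncasecmp(line, "Transfer-Encoding:", 18) == 0;
        if (!is_cl && !is_te)
            continue;
        if (r.tunnel_open)
            r.ignored_framing++;          /* RFC 7231 4.3.6: MUST ignore */
        else if (is_te)
            r.body_len = -1;              /* Transfer-Encoding overrides length */
        else if (r.body_len != -1)
            r.body_len = strtol(line + 15, NULL, 10);
    }
    return r;
}

int main(void)
{
    struct connect_reply r = parse_connect_reply(SAMPLE_REPLY);
    printf("status=%d tunnel=%d ignored=%d\n", r.status, r.tunnel_open, r.ignored_framing);
    return 0;
}
```
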
