On Wed, Mar 01, 2006 at 10:54:18PM +0100, Martin Schulze wrote:
> Domenico Andreoli wrote:
> > long time ago the upstream developer informed me that the fix for
> > curl's CVE-2005-4077 now in sarge with 7.13.2-2sarge4 is not enough.
>
> Ouch!
>
> > i finally came with a fixed curl 7.13.2-2sarge5 package. it is available
> > at http://people.debian.org/~cavok/curl/.
>
> Thanks a lot. Uploaded.
>
> I've also added the first part of the patch to the woody update.
>
> Could you tell us which version in sid corrects the correction?

7.15.1-1 already fixed this. please read
http://curl.haxx.se/mail/lib-2005-12/0119.html.

this correction is required only for versions between 7.11.2 (included)
and 7.14.0 (included). versions before 7.11.2 are not affected. after
7.14.0, the first patch (the one applied to get 7.13.2-2sarge3) is enough.

cheers
domenico

-----[ Domenico Andreoli, aka cavok
 --[ http://people.debian.org/~cavok/gpgkey.asc
  ---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50