On 11-Mar-2009, Nico Golde wrote:
> Source: curl
> Source-Version: 7.18.2-8.1
> …
>
> Closes: 518423
> Changes:
>  curl (7.18.2-8.1) unstable; urgency=high
>  .
>    * Non-maintainer upload by the security team.
>    * Include upstream patch to prevent overwriting and reading arbitrary
>      local files or command execution via malicious redirects depending on
>      the setup curl is used in.
>      NOTE: This update introduces a new option called CURLOPT_REDIR_PROTOCOLS
>      which includes the protocols curl will follow on redirects, scp and file
>      are not included by default (CVE-2009-0037; Closes: #518423).

This bug fix has not yet made it into Sid, which is blocking the progression of ‘pycurl’ into Squeeze since it has a dependency on a newer version of ‘curl’. What is the prognosis for getting this fix into Squeeze?

-- 
 \     “Facts are meaningless. You could use facts to prove anything |
  `\      that's even remotely true!” —Homer, _The Simpsons_         |
_o__)                                                                |
Ben Finney <b...@benfinney.id.au>