fixed 518423 7.19.5-1

* Ben Finney (ben+deb...@benfinney.id.au) [090606 04:34]:
> On 11-Mar-2009, Nico Golde wrote:
> > Source: curl
> > Source-Version: 7.18.2-8.1
> > …
> >
> > Closes: 518423
> > Changes:
> >  curl (7.18.2-8.1) unstable; urgency=high
> >  .
> >    * Non-maintainer upload by the security team.
> >    * Include upstream patch to prevent overwriting and reading arbitrary
> >      local files or command execution via malicious redirects depending on
> >      the setup curl is used in.
> >      NOTE: This update introduces a new option called CURLOPT_REDIR_PROTOCOLS
> >      which includes the protocols curl will follow on redirects, scp and file
> >      are not included by default (CVE-2009-0037; Closes: #518423).
>
> This bug fix has not yet made it into Sid, which is blocking the
> progression of ‘pycurl’ into Squeeze since it has a dependency on a
> newer version of ‘curl’.
>
> What is the prognosis for getting this fix into Squeeze?