[SECURITY] [DLA 64-1] curl security update

2014-09-26T21:46:49
ID DEBIAN:DLA-64-1:CEBAF
Type debian
Reporter Debian
Modified 2014-09-26T21:46:49

Description

Package : curl Version : 7.21.0-2.1+squeeze9 CVE ID : CVE-2014-3613

CVE-2014-3613

 By not detecting and rejecting domain names for partial literal IP
 addresses properly when parsing received HTTP cookies, libcurl can
 be fooled to both sending cookies to wrong sites and into allowing
 arbitrary sites to set cookies for others.