Lucene search

K
osvGoogleOSV:DSA-3455-1
HistoryJan 27, 2016 - 12:00 a.m.

curl - security update

2016-01-2700:00:00
Google
osv.dev
8

Isaac Boukris discovered that cURL, an URL transfer library, reused
NTLM-authenticated proxy connections without properly making sure that
the connection was authenticated with the same credentials as set for
the new transfer. This could lead to HTTP requests being sent over the
connection authenticated as a different user.

For the stable distribution (jessie), this problem has been fixed in
version 7.38.0-4+deb8u3.

For the unstable distribution (sid), this problem has been fixed in
version 7.47.0-1.

We recommend that you upgrade your curl packages.