Re: Bug#342696: curl's off-by-one error (#342696, CVE-2005-4077) update for sarge
Date: Fri, 3 Mar 2006 17:22:24 +0100
On Wed, Mar 01, 2006 at 10:54:18PM +0100, Martin Schulze wrote:
> Domenico Andreoli wrote:
> > long time ago the upstream developer informed me that the fix for
> > curl's CVE-2005-4077 now in sarge with 7.13.2-2sarge4 is not enough.
> > i finally came up with a fixed curl 7.13.2-2sarge5 package. it is available
> > at http://people.debian.org/~cavok/curl/.
> Thanks a lot. Uploaded.
> I've also added the first part of the patch to the woody update.
> Could you tell us which version in sid corrects the correction?
7.15.1-1 already fixed this. please read
this correction is required only for versions between 7.11.2 (included)
and 7.14.0 (included). versions before 7.11.2 are not affected. after
7.14.0, the first patch (the one applied to get 7.13.2-2sarge3)
-----[ Domenico Andreoli, aka cavok
---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50