curl-library

is CVE-2014-0139 fixed in libcurl-7.19.7-40.el6_6.4.x86_64

From: Patrick Rael <prael_at_lumeta.com>
Date: Wed, 18 Feb 2015 09:07:57 -0700

Hi,
       I need to confirm if the CVE-2014-0139 fix is in libcurl. Normally
we do this by checking the rpm changelog for CVEs; it did find
CVE-2014-0138, but I can't get confirmation for 0139. I see lots of
comments about fixes that were checked into GitHub and showing actual
lines added, but nothing in the changelog, so I can't confirm it.

# cat /etc/centos-release
CentOS release 6.6 (Final)

# rpm -qa | grep curl
libcurl-7.19.7-40.el6_6.4.x86_64
python-pycurl-7.19.0-8.el6.x86_64
curl-7.19.7-40.el6_6.4.x86_64

# rpm -q libcurl --changelog | egrep "CVE-2014-0138|CVE-2014-0139"
- fix connection re-use when using different log-in credentials
(CVE-2014-0138)

# rpm -q curl --changelog | egrep "CVE-2014-0138|CVE-2014-0139"
- fix connection re-use when using different log-in credentials
(CVE-2014-0138)

Note: CentOS rpm versions don't match the Red Hat rpm versions; that's
why we use the changelog to check for the fix.

Thanks for any help!

-->Pat
Received on 2015-02-18
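
The changelog check described in the mail, as an added example that is not part of the original post: it reads saved `rpm -q <package> --changelog` output and reports, for each requested CVE ID, the changelog entry that names it. The function names, the sample changelog and its packager and version strings are constructed for illustration; a "not listed" result only says the changelog text does not name that ID.

```shell
#!/bin/sh
# Added example: map CVE IDs to the rpm changelog entry that mentions them.
# Real input: rpm -q libcurl --changelog > changelog.txt

# cve_status CHANGELOG_FILE CVE-ID...
# Prints one line per ID: "<id> listed: <entry header>" or "<id> not listed".
cve_status() {
    log=$1; shift
    for cve in "$@"; do
        awk -v id="$cve" '
            # Entry header line: "* <date> <packager> - <version>"
            /^\* / { hdr = $0; next }
            # Match the ID only when it is not followed by another digit,
            # so CVE-2014-0138 does not match a longer ID such as CVE-2014-01380.
            $0 ~ (id "([^0-9]|$)") { print id " listed: " hdr; found = 1; exit }
            END { if (!found) print id " not listed" }
        ' "$log"
    done
}

# Constructed sample changelog (packager and versions are placeholders).
# The CVE reference sits on a wrapped continuation line, as in the mail.
sample_changelog() {
    cat <<'EOF'
* Mon Jan 05 2015 Example Packager <pkg@example.invalid> - 0.0.0-2.example
- constructed entry with no CVE reference
* Tue Jun 03 2014 Example Packager <pkg@example.invalid> - 0.0.0-1.example
- fix connection re-use when using different log-in credentials
(CVE-2014-0138)
EOF
}
```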