DSA-4098-1 curl -- curlID: oval:org.secpod.oval:def:603251 | Date: (C)2018-02-05 (M)2023-12-20 |
Class: PATCH | Family: unix |
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-1000005 Zhouyihai Ding discovered an out-of-bounds read in the code handling HTTP/2 trailers. This issue doesn"t affect the oldstable distribution . CVE-2018-1000007 Craig de Stigter discovered that authentication data might be leaked to third parties when following HTTP redirects.
Platform: |
Debian 8.x |
Debian 9.x |
Product: |
curl |
libcurl4-gnutls-dev |
libcurl4-doc |
libcurl4-openssl-dev |
libcurl3 |
libcurl4-nss-dev |