stable

curl-7.37.0-7.fc21

FEDORA-2014-10679 created by kdudka 8 years ago for Fedora 21
  • use only full matches for hosts used as IP address in cookies (CVE-2014-3613)
  • reject incoming cookies set for top level domains (CVE-2014-3620)

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2014-10679

This update has been submitted for testing by kdudka.

8 years ago

AutoQA: depcheck test PASSED on i386. Result log: http://autoqa.fedoraproject.org/report/1g3nq (results are informative only)

AutoQA: depcheck test PASSED on x86_64. Result log: http://autoqa.fedoraproject.org/report/1g3nx (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

8 years ago

This update has been pushed to testing

8 years ago
User Icon ignatenkobrain commented & provided feedback 8 years ago
karma

no regressions

Critical path update approved

8 years ago
User Icon nonamedotc commented & provided feedback 8 years ago
karma

looks good to me

User Icon fafatheone commented & provided feedback 8 years ago
karma

Looks good.

This update has reached the stable karma threshold and will be pushed to the stable updates repository

8 years ago

Thank you for providing the feedback!

AutoQA: upgradepath test PASSED on noarch. Result log: http://autoqa.fedoraproject.org/report/1gjj0 (results are informative only)

This update is currently being pushed to the Fedora 21 stable updates repository.

8 years ago

This update is currently being pushed to the Fedora 21 stable updates repository.

8 years ago

This update has been pushed to stable

8 years ago

Please login to add feedback.

Metadata
Type
security
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
8 years ago
in testing
8 years ago
in stable
8 years ago
BZ#1136154 CVE-2014-3613 curl: incorrect handling of IP addresses in cookie domain
0
0
BZ#1138846 CVE-2014-3620 curl: cookies accepted for TLDs
0
0
BZ#1140036 CVE-2014-3613 curl: incorrect handling of IP addresses in cookie domain [fedora-all]
0
0
BZ#1140039 CVE-2014-3620 curl: cookies accepted for TLDs [fedora-all]
0
0

Automated Test Results

None