Re: [SECURITY] [DLA 1672-1] curl security update

Mon, 11 Feb 2019 08:18:39 -0800 

Thanj you merci

Le Lun 11 Fév 2019 16:44, Chris Lamb <la...@debian.org> a écrit :

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Package        : curl
> Version        : 7.38.0-4+deb8u14
> CVE IDs        : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823
>
> It was discovered that there were three vulnerabilities in the curl
> command-line HTTP (etc.) client:
>
>  * CVE-2018-16890: A heap buffer out-of-bounds read vulnerability in
>    the handling of NTLM type-2 messages.
>
>  * CVE-2019-3822: Stack-based buffer overflow in the handling of
>    outgoing NTLM type-3 headers.
>
>  * CVE-2019-3823: Heap out-of-bounds read in code handling
>    the end of a response in the SMTP protocol.
>
> For Debian 8 "Jessie", this issue has been fixed in curl version
> 7.38.0-4+deb8u14.
>
> We recommend that you upgrade your curl packages.
>
>
> Regards,
>
> - --
>       ,''`.
>      : :'  :     Chris Lamb
>      `. `'`      la...@debian.org 🍥 chris-lamb.co.uk
>        `-
>
> -----BEGIN PGP SIGNATURE-----
>
> iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlxhl/UACgkQHpU+J9Qx
> Hljp2Q/9HzuJ9vRQuvKV7QoFUhIjUDEnOinI7oXnekFWJXhbB4fIS0icCIS9YHQZ
> C3dLsyUPudsxz7DhIGc/SXOEU+Acbbp6FK4LpM+YT/q5gkpWgAw1aHazQgABgGO5
> We1t6CDRwHAmQmZDQZyVJ4wbPw1VCu66RMnkWEaYq50owwi0/7BpnW7w0g9y83tw
> DnlAJ3int8TNwVaGKD5LVke4iPPB3rex3RjglzA3leB/p/11Ei2EeL5D7q3tsRVt
> kTygM7HwnHkGvVFBCQGZoNhmSPkFBRIGO9WZ4u9M27taatvVbI2T4qCjOqXvdhba
> RpjEWhGgTUfoL8i3c4CR5vQHCQ7dCVtkDcuH8LTSSyZigAWx9SGeapVQt60l/LRo
> mJSLgfFLySOcB3AxQOjdDhFJqgVPvk7/5uiahg1IUzGNcRdX2ws3xLjegpc2HdwT
> jRdRYKFEva8OXyYG/rDQw/0vfVJsjSpRKt2uNbhgpRZkDd70MUJjehBXohNCpzYr
> ck+TKnHx64gi2o1/4RvyrrDHX1J8s5F8wIrnMQix4HPodv3wSg7PljsG3931YHGX
> F0OrNi64ODYQJYcP612lKif2YQAzb4pofhljP4DDCP5FlUAWLb+++U5hI5trm6eb
> 2Qn7pPc7NzoROnZD2LLm6FVP9BsJPeXhoGfA+iskQ4WnHio9Faw=
> =R862
> -----END PGP SIGNATURE-----
>
>

Reply via email to