Hi, I notice that there are no fixes for oldstable. Is oldstable not affected by this security issue?
All the best, Wolfgang Am Mittwoch, den 27.01.2016, 12:16 +0000 schrieb Alessandro Ghedini: > ------------------------------------------------------------------------- > Debian Security Advisory DSA-3455-1 secur...@debian.org > https://www.debian.org/security/ Alessandro Ghedini > January 27, 2016 https://www.debian.org/security/faq > ------------------------------------------------------------------------- > > Package : curl > CVE ID : CVE-2016-0755 > > Isaac Boukris discovered that cURL, an URL transfer library, reused > NTLM-authenticated proxy connections without properly making sure that > the connection was authenticated with the same credentials as set for > the new transfer. This could lead to HTTP requests being sent over the > connection authenticated as a different user. > > For the stable distribution (jessie), this problem has been fixed in > version 7.38.0-4+deb8u3. > > For the unstable distribution (sid), this problem has been fixed in > version 7.47.0-1. > > We recommend that you upgrade your curl packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://www.debian.org/security/ > > Mailing list: debian-security-annou...@lists.debian.org
