ELinks reveals POST data to HTTPS proxy
Bug #141018 reported by
Gustav H Meyer
on 2007-09-19
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
| elinks (Ubuntu) |
Medium
|
Kees Cook |
Bug Description
Binary package hint: elinks
See: http://
"ELinks 0.11.3 includes the fix."
It would be nice to have the upgraded version available on ubuntu as soon as possible.
CVE References
Kees Cook (kees) wrote : | #1 |
Changed in elinks: | |
assignee: | nobody → keescook |
importance: | Undecided → Medium |
status: | New → In Progress |
Jamie Strandboge (jdstrand)
on 2007-09-24
Changed in elinks: | |
status: | In Progress → Fix Committed |
Jamie Strandboge (jdstrand) wrote : | #2 |
elinks (0.11.1-
* SECURITY UPDATE: possible information disclosure when using an HTTPS proxy
server and sending a POST request
* added patch to src/protocol/
* References
CVE-2007-5034
Fixes LP: #141018
-- Jamie Strandboge <email address hidden> Mon, 24 Sep 2007 13:55:54 -0400
Changed in elinks: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Thanks for the report! We will get fixes prepared.