Ubuntu

ELinks reveals POST data to HTTPS proxy

Reported by Gustav H Meyer on 2007-09-19
258
Affects Status Importance Assigned to Milestone
elinks (Ubuntu)
Medium
Kees Cook

Bug Description

Binary package hint: elinks

See: http://bugzilla.elinks.cz/show_bug.cgi?id=937

"ELinks 0.11.3 includes the fix."

It would be nice to have the upgraded version available on ubuntu as soon as possible.

Kees Cook (kees) wrote :

Thanks for the report! We will get fixes prepared.

Changed in elinks:
assignee: nobody → keescook
importance: Undecided → Medium
status: New → In Progress
Changed in elinks:
status: In Progress → Fix Committed
Jamie Strandboge (jdstrand) wrote :

elinks (0.11.1-1.2ubuntu2.2) feisty-security; urgency=low

  * SECURITY UPDATE: possible information disclosure when using an HTTPS proxy
    server and sending a POST request
  * added patch to src/protocol/http/http.c for proper handling of POST DATA
  * References
    CVE-2007-5034
    Fixes LP: #141018

 -- Jamie Strandboge <email address hidden> Mon, 24 Sep 2007 13:55:54 -0400

Changed in elinks:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers