ELinks reveals POST data to HTTPS proxy

Bug #141018 reported by Gustav H Meyer
258
Affects Status Importance Assigned to Milestone
elinks (Ubuntu)
Fix Released
Medium
Kees Cook

Bug Description

Binary package hint: elinks

See: http://bugzilla.elinks.cz/show_bug.cgi?id=937

"ELinks 0.11.3 includes the fix."

It would be nice to have the upgraded version available on ubuntu as soon as possible.

Revision history for this message
Kees Cook (kees) wrote :

Thanks for the report! We will get fixes prepared.

Changed in elinks:
assignee: nobody → keescook
importance: Undecided → Medium
status: New → In Progress
Changed in elinks:
status: In Progress → Fix Committed
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

elinks (0.11.1-1.2ubuntu2.2) feisty-security; urgency=low

  * SECURITY UPDATE: possible information disclosure when using an HTTPS proxy
    server and sending a POST request
  * added patch to src/protocol/http/http.c for proper handling of POST DATA
  * References
    CVE-2007-5034
    Fixes LP: #141018

 -- Jamie Strandboge <email address hidden> Mon, 24 Sep 2007 13:55:54 -0400

Changed in elinks:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers