Ubuntu
elinks package

ELinks reveals POST data to HTTPS proxy

Bug #141018 reported by Gustav H Meyer on 2007-09-19

258

Affects

Status

Importance

Assigned to

Milestone

elinks (Ubuntu)

Fix Released

Medium

Kees Cook

You need to log in to change this bug's status.

Affecting:	elinks (Ubuntu)
Filed here by:	Gustav H Meyer
When:	2007-09-19
Confirmed:	2007-09-19
Assigned:	2007-09-19
Started work:	2007-09-19
Completed:	2007-09-25

Target

Distribution
Package	(Find…)
Project	(Find…)

Status	Importance
	Medium

Assigned to

	Me
	Kees Cook (kees)

Comment on this change (optional)

Email me about changes to this bug report

(?)

Bug Description

Binary package hint: elinks

See: http://bugzilla.elinks.cz/show_bug.cgi?id=937

"ELinks 0.11.3 includes the fix."

It would be nice to have the upgraded version available on ubuntu as soon as possible.

Add tags Tag help

Related branches

lp:ubuntu/dapper-updates/elinks

lp:ubuntu/edgy-security/elinks

lp:ubuntu/feisty-updates/elinks

CVE References

2007-5034

Kees Cook (kees) wrote on 2007-09-19:

Thanks for the report! We will get fixes prepared.

Changed in elinks:
assignee:	nobody → keescook
importance:	Undecided → Medium
status:	New → In Progress

Jamie Strandboge (jdstrand) on 2007-09-24

Changed in elinks:
status:	In Progress → Fix Committed

Jamie Strandboge (jdstrand) wrote on 2007-09-25:

elinks (0.11.1-1.2ubuntu2.2) feisty-security; urgency=low

  * SECURITY UPDATE: possible information disclosure when using an HTTPS proxy
    server and sending a POST request
  * added patch to src/protocol/http/http.c for proper handling of POST DATA
  * References
    CVE-2007-5034
    Fixes LP: #141018

-- Jamie Strandboge <email address hidden> Mon, 24 Sep 2007 13:55:54 -0400

Changed in elinks:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information Edit

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Ubuntuelinks package