Ubuntu

Overview
Code
Bugs
Blueprints
Translations
Answers

ELinks reveals POST data to HTTPS proxy

Reported by Gustav H Meyer on 2007-09-19

258

Affects

Status

Importance

Assigned to

Milestone

elinks (Ubuntu)

Fix Released

Medium

Kees Cook

You need to log in to change this bug's status.

Affecting:	elinks (Ubuntu)
Filed here by:	Gustav H Meyer
When:	2007-09-19
Confirmed:	2007-09-19
Assigned:	2007-09-19
Started work:	2007-09-19
Completed:	2007-09-25

Target

Distribution
Package	(Find…)
Project	(Find…)

Status	Importance
	Medium

Assigned to

	Me
	Kees Cook (kees)

Comment on this change (optional)

E-mail me about changes to this bug report

(?)

Bug Description

Binary package hint: elinks

See: http://bugzilla.elinks.cz/show_bug.cgi?id=937

"ELinks 0.11.3 includes the fix."

It would be nice to have the upgraded version available on ubuntu as soon as possible.

Add tags Tag help

Related branches

lp:ubuntu/dapper-updates/elinks

lp:ubuntu/edgy-security/elinks

lp:ubuntu/feisty-updates/elinks

CVE References

2007-5034

Kees Cook (kees) wrote on 2007-09-19:

Thanks for the report! We will get fixes prepared.

Changed in elinks:
assignee:	nobody → keescook
importance:	Undecided → Medium
status:	New → In Progress

Jamie Strandboge (jdstrand) on 2007-09-24

Changed in elinks:
status:	In Progress → Fix Committed

Jamie Strandboge (jdstrand) wrote on 2007-09-25:

elinks (0.11.1-1.2ubuntu2.2) feisty-security; urgency=low

  * SECURITY UPDATE: possible information disclosure when using an HTTPS proxy
    server and sending a POST request
  * added patch to src/protocol/http/http.c for proper handling of POST DATA
  * References
    CVE-2007-5034
    Fixes LP: #141018

-- Jamie Strandboge <email address hidden> Mon, 24 Sep 2007 13:55:54 -0400

Changed in elinks:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information Edit

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers