Ubuntu
elinks package

ELinks reveals POST data to HTTPS proxy

Bug #141018 reported by Gustav H Meyer on 2007-09-19

258

Affects		Status	Importance	Assigned to	Milestone
	elinks (Ubuntu)	Fix Released	Medium	Kees Cook

Bug Description

Binary package hint: elinks

See: http://bugzilla.elinks.cz/show_bug.cgi?id=937

"ELinks 0.11.3 includes the fix."

It would be nice to have the upgraded version available on ubuntu as soon as possible.

Related branches

lp:ubuntu/dapper-updates/elinks

lp:ubuntu/edgy-security/elinks

lp:ubuntu/feisty-updates/elinks

CVE References

2007-5034

Revision history for this message

Kees Cook (kees) wrote on 2007-09-19:

Thanks for the report! We will get fixes prepared.

Changed in elinks:
assignee:	nobody → keescook
importance:	Undecided → Medium
status:	New → In Progress

Jamie Strandboge (jdstrand) on 2007-09-24

Changed in elinks:
status:	In Progress → Fix Committed

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2007-09-25:

elinks (0.11.1-1.2ubuntu2.2) feisty-security; urgency=low

  * SECURITY UPDATE: possible information disclosure when using an HTTPS proxy
    server and sending a POST request
  * added patch to src/protocol/http/http.c for proper handling of POST DATA
  * References
    CVE-2007-5034
    Fixes LP: #141018

-- Jamie Strandboge <email address hidden> Mon, 24 Sep 2007 13:55:54 -0400

Changed in elinks:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Ubuntuelinks package