stable

curl-7.37.0-7.fc21

FEDORA-2014-10679 created by kdudka 10 years ago for Fedora 21
  • use only full matches for hosts used as IP address in cookies (CVE-2014-3613)
  • reject incoming cookies set for top level domains (CVE-2014-3620)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2014-10679

This update has been submitted for testing by kdudka.

10 years ago

AutoQA: depcheck test PASSED on i386. Result log: http://autoqa.fedoraproject.org/report/1g3nq (results are informative only)

AutoQA: depcheck test PASSED on x86_64. Result log: http://autoqa.fedoraproject.org/report/1g3nx (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

10 years ago

This update has been pushed to testing

10 years ago
User Icon ignatenkobrain commented & provided feedback 10 years ago
karma

no regressions

Critical path update approved

10 years ago
User Icon nonamedotc commented & provided feedback 10 years ago
karma

looks good to me

User Icon fafatheone commented & provided feedback 10 years ago
karma

Looks good.

This update has reached the stable karma threshold and will be pushed to the stable updates repository

10 years ago

Thank you for providing the feedback!

AutoQA: upgradepath test PASSED on noarch. Result log: http://autoqa.fedoraproject.org/report/1gjj0 (results are informative only)

This update is currently being pushed to the Fedora 21 stable updates repository.

10 years ago

This update is currently being pushed to the Fedora 21 stable updates repository.

10 years ago

This update has been pushed to stable

10 years ago

Please login to add feedback.

Metadata
Type
security
Karma
3
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
10 years ago
in testing
10 years ago
in stable
10 years ago
BZ#1136154 CVE-2014-3613 curl: incorrect handling of IP addresses in cookie domain
0
0
BZ#1138846 CVE-2014-3620 curl: cookies accepted for TLDs
0
0
BZ#1140036 CVE-2014-3613 curl: incorrect handling of IP addresses in cookie domain [fedora-all]
0
0
BZ#1140039 CVE-2014-3620 curl: cookies accepted for TLDs [fedora-all]
0
0

Automated Test Results