LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

OpenPKG alert OpenPKG-SA-2006.012 (curl)



From:
    	      OpenPKG <openpkg@openpkg.org>


To:
    	      openpkg-announce@openpkg.org


Subject:
    	      [OpenPKG-SA-2006.012] OpenPKG Security Advisory (curl)


Date:
    	      Wed, 28 Jun 2006 11:13:03 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory                            The OpenPKG Project
http://www.openpkg.org/security/                  http://www.openpkg.org
openpkg-security@openpkg.org                         openpkg@openpkg.org
OpenPKG-SA-2006.012                                          28-Jun-2006
________________________________________________________________________

Package:             curl
Vulnerability:       buffer overflow
OpenPKG Specific:    no

Affected Releases:   Affected Packages:      Corrected Packages:
OpenPKG CURRENT      <= curl-7.15.2-20060227 >= curl-7.15.3-20060320
OpenPKG 2-STABLE     N.A.                    N.A.
OpenPKG 2.5-RELEASE  <= curl-7.15.0-2.5.1    >= curl-7.15.0-2.5.2

Description:
  According to a vendor security advisory [0], a buffer overflow exists
  in cURL [1], a command line tool for fetching content via URLs. The
  Common Vulnerabilities and Exposures (CVE) project assigned the id
  CVE-2006-1061 [2] to the problem.
________________________________________________________________________

References:
  [0] http://curl.haxx.se/docs/adv_20060320.html 
  [1] http://curl.haxx.se/
  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1061
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@openpkg.org>" (ID 63C4CB9F) of the
OpenPKG project which you can retrieve from http://pgp.openpkg.org and
hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org
for details on how to verify the integrity of this advisory.
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg@openpkg.org>

iD8DBQFEokfVgHWT4GPEy58RAkfZAJ9WPW9owb25lc6LkUbJhanEDZ01gwCeMAGP
2DSfvJ1apI56z6nDbCf4Io8=
=c5Vi
-----END PGP SIGNATURE-----
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
Project Announcement List                 openpkg-announce@openpkg.org
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds