Bug 773457 (CVE-2012-0036)
Summary: | CVE-2012-0036 curl: URL sanitization vulnerability
---|---
Product: | [Other] Security Response
Reporter: | Vincent Danen <vdanen>
Component: | vulnerability
Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED ERRATA
Severity: | medium
Priority: | medium
Version: | unspecified
CC: | jlieskov, kdudka, prc, security-response-team
Keywords: | Security
Hardware: | All
OS: | Linux
Doc Type: | Bug Fix
Last Closed: | 2014-01-16 00:44:35 UTC
Bug Depends On: | 784226, 784227, 784228
Bug Blocks: | 773461
Description
Vincent Danen
2012-01-11 21:22:38 UTC
Created attachment 552243
proposed upstream patch
Created attachment 556625
proposed upstream patch
Updated version of upstream's patch.
Upstream security page describing this issue:
[2] http://curl.haxx.se/docs/security.html

Particular CVE-2012-0036 dedicated advisory from upstream:
[3] http://curl.haxx.se/docs/adv_20120124.html

Final version of upstream patch:
[4] http://curl.haxx.se/curl-url-sanitize.patch

Created mingw32-curl tracking bugs for this issue

Affects: fedora-all [bug 784227]
Affects: epel-5 [bug 784228]

Created curl tracking bugs for this issue

Affects: fedora-all [bug 784226]

upstream commit:
https://github.com/bagder/curl/commit/75ca568

Acknowledgements:

Red Hat would like to thank the cURL project for reporting this issue. Upstream acknowledges Dan Fandrich as the original reporter.

curl-7.21.7-6.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.

curl-7.21.3-13.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.