From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20051012 Netscape/8.0.4 Description of problem: 05.42.13 CVE: CAN-2005-3185 Platform: Unix Title: Multiple Vendor WGet/Curl NTLM Username Buffer Overflow Vulnerability Description: GNU wget is a software package for retrieving files using HTTP, HTTPS and FTP. CURL is a command line tool for transferring files with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. They are reported to be vulnerable to a buffer overflow issue due to improper boundary checking on user supplied data. Ref: http://www.securityfocus.com/bid/15102 Version-Release number of selected component (if applicable): How reproducible: Didn't try Additional info:
05.49.13 CVE: CVE-2005-0490 Platform: Unix Title: cURL / libcURL URL Parser Buffer Overflow Description: cURL is a utility for retrieving remote content from servers over a number of protocols. libcURL provides this functionality to applications, as a shared library. cURL and libcURL are prone to a buffer overflow vulnerability. The issues occur when the URL parser function handles an excessively long URL string and is caused by two separate errors. An attacker can exploit these issues to crash the affected library, effectively denying service. Ref: http://curl.haxx.se/docs/adv_20051207.html
Fedora Legacy project has ended. These will not be fixed by Fedora Legacy.