—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-3455-1 security@debian.org
https://www.debian.org/security/ Alessandro Ghedini
January 27, 2016 https://www.debian.org/security/faq
– ————————————————————————-

Package : curl
CVE ID : CVE-2016-0755

Isaac Boukris discovered that cURL, an URL transfer library, reused
NTLM-authenticated proxy connections without properly making sure that
the connection was authenticated with the same credentials as set for
the new transfer. This could lead to HTTP requests being sent over the
connection authenticated as a different user.

For the stable distribution (jessie), this problem has been fixed in
version 7.38.0-4+deb8u3.

For the unstable distribution (sid), this problem has been fixed in
version 7.47.0-1.

We recommend that you upgrade your curl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJWqLUPAAoJEK+lG9bN5XPLsy4P/3R2RbmDfBUUODkb+1sJlGY5
DJBcPwyy/oGA4RRYDqDUhFPp8vnxSFjud1hsjw0vOq3BPo0Tk8x1nVl7iv2vAvWr
CICXdTIWj1oWjNKD7ZtP69LoPxNMwxYpj5T4dvC+n2yeiTDXxkPrUoucoDVtA45T
VibBgOf/NmsEQDKMjxtjpHEGnyLqcgIKGtmpU7rhKg/V6cG8Uz2Td3AYc/R74h9O
i57rmEaHN62C8a0C9V46X529tuOLw0x5Kz16x1vQcywecI6dxtYtE5MQ2khZvMwA
jD7ibINp0+nLA3pzfi2rNo/0S1SXwlaLCQjEam8olgdwA6oMBPTZXw17pu0S0mmt
YbIWzLosOAYZIonnaPYiLC3PWtEGEeBWIIXR1oBCCOUxHZ9uXAesEaa/gc71J/EF
bUHGU4vUvAm3JHDmYGvfMxF5SuTFjdHAJl1rwCJ8/LZbgAN169cDpYdjm79P/rng
zcovi0qSawaIdKqIeuaSZGiMGvIUmM2HDYV66PvgPVokAy2mawKwdxTaP8sWd++z
WyhtP3xXj/Q3NXHByAUa+91bDwLFpnKVTbIe2SKNLCYrfrSkRTPxpIZV688eftsr
AzwHk4sGkOcsnQ9O3JmS5uY8wxiEUM9TH3AevgwNFFPuW78dHhnn7AhccDnOijzO
F0MGJ6q014k7/oUfHVW9
=l4R6
—–END PGP SIGNATURE—–