d71a51d0e5
Fixes: CVE-2014-8150 - When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL. CVE-2014-8151 - libcurl stores TLS Session IDs in its associated Session ID cache when it connects to TLS servers. In subsequent connects it re-uses the entry in the cache to resume the TLS connection faster than when doing a full TLS handshake. The actual implementation for the Session ID caching varies depending on the underlying TLS backend. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> |
||
|---|---|---|
| .. | ||
| Config.in | ||
| libcurl.hash | ||
| libcurl.mk | ||