Ubuntu
elinks package

ELinks reveals POST data to HTTPS proxy

Bug #141018 reported by Gustav H Meyer on 2007-09-19

258

Affects		Status	Importance	Assigned to	Milestone
	elinks (Ubuntu)	Fix Released	Medium	Kees Cook

Bug Description

Binary package hint: elinks

See: http://bugzilla.elinks.cz/show_bug.cgi?id=937

"ELinks 0.11.3 includes the fix."

It would be nice to have the upgraded version available on ubuntu as soon as possible.

Related branches

lp:ubuntu/dapper-updates/elinks

lp:ubuntu/edgy-security/elinks

lp:ubuntu/feisty-updates/elinks

CVE References

2007-5034

Revision history for this message

Kees Cook (kees) wrote on 2007-09-19:

Thanks for the report! We will get fixes prepared.

Changed in elinks:
assignee:	nobody → keescook
importance:	Undecided → Medium
status:	New → In Progress

Jamie Strandboge (jdstrand) on 2007-09-24

Changed in elinks:
status:	In Progress → Fix Committed

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2007-09-25:

elinks (0.11.1-1.2ubuntu2.2) feisty-security; urgency=low

  * SECURITY UPDATE: possible information disclosure when using an HTTPS proxy
    server and sending a POST request
  * added patch to src/protocol/http/http.c for proper handling of POST DATA
  * References
    CVE-2007-5034
    Fixes LP: #141018

-- Jamie Strandboge <email address hidden> Mon, 24 Sep 2007 13:55:54 -0400

Changed in elinks:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuelinks package