From 68c18b79288431ab4e477cc3f59ef4ccfe3e7355 Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Tue, 16 Aug 2011 14:54:44 +0200
Subject: import curl-7.15.5-9.el5_6.3 from EL-5
---
curl-7.15.5-CVE-2011-2192.patch | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 curl-7.15.5-CVE-2011-2192.patch
(limited to 'curl-7.15.5-CVE-2011-2192.patch')
diff --git a/curl-7.15.5-CVE-2011-2192.patch b/curl-7.15.5-CVE-2011-2192.patch
new file mode 100644
index 0000000..6d36cdc
--- /dev/null
+++ b/curl-7.15.5-CVE-2011-2192.patch
@@ -0,0 +1,30 @@
+From b9c6df58e821977a0be886f6847311a4ffc7124e Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Wed, 8 Jun 2011 00:10:26 +0200
+Subject: [PATCH] Curl_input_negotiate: do not delegate GSSAPI credentials
+
+This is a security flaw. See curl advisory 20110623 for details.
+
+Reported by: Richard Silverman
+
+Signed-off-by: Kamil Dudka
+---
+ lib/http_negotiate.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
+index 08064d6..4015e2f 100644
+--- a/lib/http_negotiate.c
++++ b/lib/http_negotiate.c
+@@ -216,7 +216,7 @@ int Curl_input_negotiate(struct connectdata *conn, char *header)
+ &neg_ctx->context,
+ neg_ctx->server_name,
+ GSS_C_NO_OID,
+- GSS_C_DELEG_FLAG,
++ 0,
+ 0,
+ GSS_C_NO_CHANNEL_BINDINGS,
+ &input_token,
+--
+1.7.4.4
+
-- cgit
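Review bot: The replacement `0,` for the flags argument now sits directly above the existing `0,` in the same argument list, so nothing in the code says that leaving credential delegation off is deliberate, and a later cleanup could restore the flag without noticing. I would annotate the changed line, e.g. `0, /* req_flags: do not request GSS_C_DELEG_FLAG, see CVE-2011-2192 */`. The call these arguments belong to starts and ends outside the hunk in Curl_input_negotiate, so the meaning of the neighbouring `0` (presumably the requested lifetime) should be confirmed there before labelling it as well. Since this is a distribution backport carried as a patch file, the same sentence could instead go in the patch header if the upstream hunk has to stay byte-identical.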