As described in http://curl.haxx.se/docs/adv_20141105.html and
*** Bug 528842 has been marked as a duplicate of this bug. ***
(In reply to Tiago Marques from comment #0)
> As described in http://curl.haxx.se/docs/adv_20141105.html and
> Reproducible: Always
From the report: Not affected versions: libcurl >= 7.39.0.
curl-7.39.0 has now been added to the tree and I've removed all older unstable versions that were vulnerable.
We should rapidly stabilize.
TARGETS="alpha amd64 arm arm64 hppa ia64 ppc ppc64 s390 sparc x86"
I'm cc-ing arm64, who may want to stabilize this important package.
@alpha, arm64, ia64, sparc. You will need to stabilize =net-dns/c-ares-1.10.0-r1 first. See bug #522820.
stable on ppc and ppc64
Stable for HPPA.
stable on arm
Stable on alpha
Maintainer(s), please cleanup.
Security, please vote.
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when
running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP
POST data for an easy handle, which triggers an out-of-bounds read that
allows remote web servers to read sensitive memory information.
GLSA Vote: No
GLSA vote: no.
For this version it is all cleaned up. Thank you.
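The copy problem in the CVE description quoted above, as an added C illustration that is not libcurl's code and not from anyone in this thread. It assumes the flaw is a size-delimited POST buffer being duplicated as a NUL-terminated string while the declared size is kept; `struct post_body` and all function names are hypothetical, and the sample body is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical model of a handle's private POST body (not libcurl's struct). */
struct post_body {
    char  *data;      /* heap copy owned by the handle */
    size_t size;      /* declared size: bytes a later send will read */
    size_t allocated; /* bytes really allocated, tracked for this demo */
};

/* Flawed pattern: duplicate as a C string, keep the declared size.
 * The scan is bounded by src->size so the demo itself stays in bounds. */
static int dup_as_cstring(const struct post_body *src, struct post_body *dst)
{
    const char *nul = memchr(src->data, '\0', src->size);
    size_t n = nul ? (size_t)(nul - src->data) : src->size;
    if (!(dst->data = malloc(n + 1))) return -1;
    memcpy(dst->data, src->data, n);
    dst->data[n] = '\0';
    dst->size = src->size;      /* declared size carried over unchanged */
    dst->allocated = n + 1;     /* but the copy stops at the first NUL */
    return 0;
}

/* Size-aware pattern: copy exactly the declared number of bytes. */
static int dup_sized(const struct post_body *src, struct post_body *dst)
{
    if (!(dst->data = malloc(src->size ? src->size : 1))) return -1;
    memcpy(dst->data, src->data, src->size);
    dst->size = dst->allocated = src->size;
    return 0;
}

/* Bytes a send of dst.size bytes would read past the copy; -1 on failure. */
static long overread_after_dup(int (*dup)(const struct post_body *, struct post_body *))
{
    static char body[] = "user=a\0token=b"; /* constructed binary body, 14 bytes */
    struct post_body src = { body, sizeof body - 1, sizeof body }, dst;
    if (dup(&src, &dst) != 0) return -1;
    long over = dst.size > dst.allocated ? (long)(dst.size - dst.allocated) : 0;
    free(dst.data);
    return over;
}

int main(void)
{
    printf("C-string copy: %ld, sized copy: %ld (bytes read past the copy)\n",
           overread_after_dup(dup_as_cstring), overread_after_dup(dup_sized));
    return 0;
}
```

The program only compares the declared size with the allocation, so it never performs the out-of-bounds read itself.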