As described in http://curl.haxx.se/docs/adv_20141105.html and
Reproducible: Always
*** Bug 528842 has been marked as a duplicate of this bug. ***
oops
(In reply to Tiago Marques from comment #0)
> As described in http://curl.haxx.se/docs/adv_20141105.html and
>
> Reproducible: Always
From the report: Not affected versions: libcurl >= 7.39.0.
curl-7.39.0 has now been added to the tree and I've removed all older unstable versions that were vulnerable. We should rapid stabilize.
TARGETS="alpha amd64 arm arm64 hppa ia64 ppc ppc64 s390 sparc x86"
I'm cc-ing arm64 that may want to stabilize this important package.
@alpha, arm64, ia64, sparc. You will need to stabilize =net-dns/c-ares-1.10.0-r1 first. See bug #522820.
amd64 stable
x86 stable
stable on ppc and ppc64
Stable for HPPA.
stable on arm
Stable on alpha
ia64 stable
sparc stable. Maintainer(s), please cleanup. Security, please vote.
CVE-2014-3707 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3707): The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.
GLSA Vote: No
GLSA vote: no.
For this version it is all cleaned up. Thank you