Bugzilla – Bug 928533
VUL-1: CVE-2015-3153: curl: sensitive HTTP server headers also sent to proxies
Last modified: 2019-06-17 22:44:28 UTC
https://github.com/bagder/curl/issues/236
bugbot adjusting priority
curl 7.42.1 is out. Advisory: http://curl.haxx.se/docs/adv_20150429.html
This is an autogenerated message for OBS integration: This bug (928533) was mentioned in https://build.opensuse.org/request/show/304524 13.2+13.1 / curl
*** Bug 930239 has been marked as a duplicate of this bug. ***
openSUSE-SU-2015:0861-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 928533 CVE References: CVE-2015-3153 Sources used: openSUSE 13.2 (src): curl-7.42.1-11.1 openSUSE 13.1 (src): curl-7.42.1-2.42.1
SUSE-SU-2015:0962-1: An update that solves three vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 927174,927556,927746,928533 CVE References: CVE-2015-3143,CVE-2015-3148,CVE-2015-3153 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP3 (src): curl-7.19.7-1.42.1 SUSE Linux Enterprise Server 11 SP3 for VMware (src): curl-7.19.7-1.42.1 SUSE Linux Enterprise Server 11 SP3 (src): curl-7.19.7-1.42.1 SUSE Linux Enterprise Desktop 11 SP3 (src): curl-7.19.7-1.42.1
SUSE-SU-2015:0990-1: An update that fixes 5 vulnerabilities is now available. Category: security (moderate) Bug References: 927556,927607,927608,927746,928533 CVE References: CVE-2015-3143,CVE-2015-3144,CVE-2015-3145,CVE-2015-3148,CVE-2015-3153 Sources used: SUSE Linux Enterprise Software Development Kit 12 (src): curl-7.37.0-15.1 SUSE Linux Enterprise Server 12 (src): curl-7.37.0-15.1 SUSE Linux Enterprise Desktop 12 (src): curl-7.37.0-15.1
I see this as released everywhere.