AVG-596 log

Package libcurl-gnutls
Status Fixed
Severity Medium
Type multiple issues
Affected 7.57.0-1
Fixed 7.58.0-1
Current 8.11.1-3 [core]
Ticket None
Created Mon Jan 29 19:42:29 2018
Issue Severity Remote Type Description
CVE-2018-1000007 Medium Yes Information disclosure
libcurl might leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first...
CVE-2018-1000005 Medium Yes Denial of service
libcurl contains an out bounds read in code handling HTTP/2 trailers. It was reported that reading an HTTP/2 trailer could mess up future trailers since the...
Date Advisory Package Type
29 Jan 2018 ASA-201801-24 libcurl-gnutls multiple issues