From 68c18b79288431ab4e477cc3f59ef4ccfe3e7355 Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Tue, 16 Aug 2011 14:54:44 +0200
Subject: import curl-7.15.5-9.el5_6.3 from EL-5

---
 curl-7.15.5-CVE-2011-2192.patch | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 curl-7.15.5-CVE-2011-2192.patch

(limited to 'curl-7.15.5-CVE-2011-2192.patch')

diff --git a/curl-7.15.5-CVE-2011-2192.patch b/curl-7.15.5-CVE-2011-2192.patch
new file mode 100644
index 0000000..6d36cdc
--- /dev/null
+++ b/curl-7.15.5-CVE-2011-2192.patch
@@ -0,0 +1,30 @@
+From b9c6df58e821977a0be886f6847311a4ffc7124e Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 8 Jun 2011 00:10:26 +0200
+Subject: [PATCH] Curl_input_negotiate: do not delegate GSSAPI credentials
+
+This is a security flaw. See curl advisory 20110623 for details.
+
+Reported by: Richard Silverman
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/http_negotiate.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
+index 08064d6..4015e2f 100644
+--- a/lib/http_negotiate.c
++++ b/lib/http_negotiate.c
+@@ -216,7 +216,7 @@ int Curl_input_negotiate(struct connectdata *conn, char *header)
+                                       &neg_ctx->context,
+                                       neg_ctx->server_name,
+                                       GSS_C_NO_OID,
+-                                      GSS_C_DELEG_FLAG,
++                                      0,
+                                       0,
+                                       GSS_C_NO_CHANNEL_BINDINGS,
+                                       &input_token,
+-- 
+1.7.4.4
+
-- 
cgit