{"id":"MGASA-2015-0020","summary":"Updated curl packages fix CVE-2014-8150","details":"Updated curl packages fix security vulnerability:\n\nWhen libcurl sends a request to a server via a HTTP proxy, it copies the\nentire URL into the request and sends if off. If the given URL contains line\nfeeds and carriage returns those will be sent along to the proxy too, which\nallows the program to for example send a separate HTTP request injected\nembedded in the URL (CVE-2014-8150).\n","modified":"2026-04-16T06:25:25.318471409Z","published":"2015-01-09T16:44:12Z","upstream":["CVE-2014-8150"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0020.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14985"},{"type":"WEB","url":"http://curl.haxx.se/docs/adv_20150108B.html"}],"affected":[{"package":{"name":"curl","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/curl?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.34.0-1.5.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0020.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}