{"id":"MGASA-2015-0440","summary":"Updated python-curl packages fix security vulnerability","details":"A use-after-free vulnerability was found in Curl object's HTTPPOST setopt\nwhen a Unicode value is passed as a value with a FORM_BUFFERPTR. The str\nobject created from the passed in unicode object would have its buffer\nused but the unicode object would be stored instead of the str object\n(rhbz#1277488).\n","modified":"2026-04-16T04:27:57.747373Z","published":"2015-11-10T21:26:39Z","references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0440.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=17077"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2015/11/03/4"},{"type":"WEB","url":"https://lists.fedoraproject.org/pipermail/package-announce/2015-November/170967.html"}],"affected":[{"package":{"name":"python-curl","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/python-curl?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.19.5-4.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0440.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}