From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 3 Aug 2003 21:33:25 +0000 (+0000)
Subject: serios info leakage!
X-Git-Tag: curl-7_10_7~127
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=296046510bc213090ea9e69a7314abb79f4d792e;p=thirdparty%2Fcurl.git

serios info leakage!
---

diff --git a/CHANGES b/CHANGES
index 138d7c4bba..94a5318a10 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,14 @@
 
                                   Changelog
 
+Daniel (3 August)
+- When proxy authentication is used in a CONNECT request (as used for all SSL
+  connects and otherwise enforced tunnel-thru-proxy requests), the same
+  authentication header is also wrongly sent to the remote host.
+
+  This is a rather significant info leak. I've fixed it now and mailed a patch
+  and warning to the mailing lists.
+
 Daniel (1 August)
 - David Byron provided a patch to make 7.10.6 build correctly with the
   compressed hugehelp.c source file.