CVE-2007-5034

Name	CVE-2007-5034
Description	ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1380-1
Debian Bugs	443914

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
elinks (PTS)	buster	0.13~20190125-3	fixed
	bookworm, bullseye	0.13.2-1	fixed
	sid, trixie	0.16.1.1-4.1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
elinks	source	etch	0.11.1-1.2etch1		DSA-1380-1
elinks	source	(unstable)	0.11.1-1.5	low		443914