[ubuntu/bionic-security] curl 7.58.0-2ubuntu3.15 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Sep 15 10:58:25 UTC 2021
curl (7.58.0-2ubuntu3.15) bionic-security; urgency=medium

  * SECURITY UPDATE: Protocol downgrade required TLS bypassed
    - debian/patches/CVE-2021-22946-pre1.patch: separate FTPS from FTP over
      HTTPS proxy in lib/ftp.c, lib/urldata.h.
    - debian/patches/CVE-2021-22946.patch: do not ignore --ssl-reqd in
      lib/ftp.c, lib/imap.c, lib/pop3.c, tests/data/Makefile.inc,
      tests/data/test984, tests/data/test985, tests/data/test986.
    - CVE-2021-22946
  * SECURITY UPDATE: STARTTLS protocol injection via MITM
    - debian/patches/CVE-2021-22947.patch: reject STARTTLS server response
      pipelining in lib/ftp.c, lib/imap.c, lib/pop3.c, lib/smtp.c,
      tests/data/Makefile.inc, tests/data/test980, tests/data/test981,
      tests/data/test982, tests/data/test983.
    - CVE-2021-22947
Date: 2021-09-10 18:39:08.836674+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.15