[ubuntu/bionic-security] curl 7.58.0-2ubuntu3.20 (Accepted)

Mark Esler mark.esler at canonical.com
Thu Sep 1 20:01:34 UTC 2022


curl (7.58.0-2ubuntu3.20) bionic-security; urgency=medium

  * SECURITY UPDATE: when curl sends back cookies with control bytes a
    HTTP(S) server may return a 400 response
    - debian/patches/CVE-2022-35252.patch: adds invalid_octets function
      to lib/cookie.c to reject cookies with control bytes
    - CVE-2022-35252

Date: 2022-09-01 03:08:36.732686+00:00
Changed-By: Mark Esler <mark.esler at canonical.com>
https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.20
-------------- next part --------------
Sorry, changesfile not available.


More information about the Bionic-changes mailing list