[ubuntu/hirsute-updates] curl 7.74.0-1ubuntu2.3 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Wed Sep 15 11:28:24 UTC 2021


curl (7.74.0-1ubuntu2.3) hirsute-security; urgency=medium

  * SECURITY UPDATE: UAF and double-free in MQTT sending
    - debian/patches/CVE-2021-22945.patch: clear the leftovers pointer when
      sending succeeds in lib/mqtt.c.
    - CVE-2021-22945
  * SECURITY UPDATE: Protocol downgrade required TLS bypassed
    - debian/patches/CVE-2021-22946.patch: do not ignore --ssl-reqd in
      lib/ftp.c, lib/imap.c, lib/pop3.c, tests/data/Makefile.inc,
      tests/data/test984, tests/data/test985, tests/data/test986.
    - CVE-2021-22946
  * SECURITY UPDATE: STARTTLS protocol injection via MITM
    - debian/patches/CVE-2021-22947.patch: reject STARTTLS server response
      pipelining in lib/ftp.c, lib/imap.c, lib/pop3.c, lib/smtp.c,
      tests/data/Makefile.inc, tests/data/test980, tests/data/test981,
      tests/data/test982, tests/data/test983.
    - CVE-2021-22947

Date: 2021-09-11 13:13:10.472000+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/curl/7.74.0-1ubuntu2.3