[ubuntu/impish-updates] curl 7.74.0-1.3ubuntu2.3 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Mon Jun 27 15:28:28 UTC 2022
curl (7.74.0-1.3ubuntu2.3) impish-security; urgency=medium
* SECURITY UPDATE: Set-cookie denial of service
- debian/patches/CVE-2022-32205.patch: apply limits to cookies
specifications in lib/cookie.c, lib/cookie.h, lib/http.c, lib/urldata.h.
- CVE-2022-32205
* SECURITY UPDATE: HTTP compression denial of service
- debian/patches/CVE-2022-32206.patch: return error on too many
compression steps in lib/content_encoding.c.
- CVE-2022-32206
* SECURITY UPDATE: Unpreserved file permissions
- debian/patches/CVE-2022-32207.patch: add Curl_fopen()
for better overwriting of files in lib/Makefile.inc,
lib/cookie.c, lib/fopen.c, lib/fopen.h.
- CVE-2022-32207
* SECURITY UPDATE: FTP-KRB bad msg verification
- debian/patches/CVE-2022-32208.patch: return error properly
on decode errors in lib/krb5.c.
- CVE-2022-32208
Date: 2022-06-23 11:06:10.924213+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the impish-changes
mailing list