[ubuntu/jammy-security] curl 7.81.0-1ubuntu1.3 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Mon Jun 27 14:30:35 UTC 2022
curl (7.81.0-1ubuntu1.3) jammy-security; urgency=medium
* SECURITY UPDATE: Set-cookie denial of service
- debian/patches/CVE-2022-32205.patch: apply limits to cookies
specifications in lib/cookie.c, lib/cookie.h, lib/http.c, lib/urldata.h.
- CVE-2022-32205
* SECURITY UPDATE: HTTP compression denial of service
- debian/patches/CVE-2022-32206.patch: return error on too many
compression steps in lib/content_encoding.c.
- CVE-2022-32206
* SECURITY UPDATE: Unpreserved file permissions
- debian/patches/CVE-2022-32207.patch: add Curl_fopen()
for better overwriting of files in lib/Makefile.inc,
lib/cookie.c, lib/fopen.c, lib/fopen.h.
- CVE-2022-32207
* SECURITY UPDATE: FTP-KRB bad msg verification
- debian/patches/CVE-2022-32208.patch: return error properly
on decode errors in lib/krb5.c.
- CVE-2022-32208
Date: 2022-06-23 15:49:09.405339+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list