[ubuntu/jammy-security] curl 7.81.0-1ubuntu1.6 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed Oct 26 17:16:01 UTC 2022


curl (7.81.0-1ubuntu1.6) jammy-security; urgency=medium

  * SECURITY UPDATE: POST following PUT confusion
    - debian/patches/CVE-2022-32221.patch: when POST is set, reset the
      'upload' field in lib/setopt.c.
    - CVE-2022-32221
  * SECURITY UPDATE: HTTP proxy double-free
    - debian/patches/CVE-2022-42915.patch: restore the protocol pointer on
      error in lib/http_proxy.c, lib/url.c.
    - CVE-2022-42915
  * SECURITY UPDATE: HSTS bypass via IDN
    - debian/patches/CVE-2022-42916.patch: use IDN decoded names for HSTS
      checks in lib/url.c.
    - CVE-2022-42916

Date: 2022-10-25 15:26:08.829318+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.6
-------------- next part --------------
Sorry, changesfile not available.


More information about the jammy-changes mailing list