[ubuntu/kinetic-updates] curl 7.85.0-1ubuntu0.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Wed Oct 26 17:58:47 UTC 2022
curl (7.85.0-1ubuntu0.1) kinetic-security; urgency=medium
* SECURITY UPDATE: POST following PUT confusion
- debian/patches/CVE-2022-32221.patch: when POST is set, reset the
'upload' field in lib/setopt.c.
- CVE-2022-32221
* SECURITY UPDATE: .netrc parser out-of-bounds access
- debian/patches/CVE-2022-35260.patch: replace fgets with Curl_get_line
in lib/curl_get_line.c, lib/netrc.c.
- CVE-2022-35260
* SECURITY UPDATE: HTTP proxy double-free
- debian/patches/CVE-2022-42915.patch: restore the protocol pointer on
error in lib/http_proxy.c, lib/url.c.
- CVE-2022-42915
* SECURITY UPDATE: HSTS bypass via IDN
- debian/patches/CVE-2022-42916.patch: use IDN decoded names for HSTS
checks in lib/url.c.
- CVE-2022-42916
Date: 2022-10-26 13:57:08.840072+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/curl/7.85.0-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the kinetic-changes
mailing list