[ubuntu/kinetic-updates] curl 7.85.0-1ubuntu0.5 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Mon Mar 20 12:58:59 UTC 2023
curl (7.85.0-1ubuntu0.5) kinetic-security; urgency=medium

  * SECURITY UPDATE: TELNET option IAC injection
    - debian/patches/CVE-2023-27533.patch: only accept option arguments in
      ascii in lib/telnet.c.
    - CVE-2023-27533
  * SECURITY UPDATE: SFTP path ~ resolving discrepancy
    - debian/patches/CVE-2023-27534-pre1.patch: do not add '/' if homedir
      ends with one in lib/curl_path.c.
    - debian/patches/CVE-2023-27534.patch: create the new path with dynbuf
      in lib/curl_path.c.
    - CVE-2023-27534
  * SECURITY UPDATE: FTP too eager connection reuse
    - debian/patches/CVE-2023-27535-pre1.patch: add and use Curl_timestrcmp
      in lib/netrc.c, lib/strcase.c, lib/strcase.h, lib/url.c,
      lib/vauth/digest_sspi.c, lib/vtls/vtls.c.
    - debian/patches/CVE-2023-27535.patch: add more conditions for
      connection reuse in lib/ftp.c, lib/ftp.h, lib/url.c, lib/urldata.h.
    - CVE-2023-27535
  * SECURITY UPDATE: GSS delegation too eager connection re-use
    - debian/patches/CVE-2023-27536.patch: only reuse connections with same
      GSS delegation in lib/url.c, lib/urldata.h.
    - CVE-2023-27536
  * SECURITY UPDATE: SSH connection too eager reuse still
    - debian/patches/CVE-2023-27538.patch: fix the SSH connection reuse
      check in lib/url.c.
    - CVE-2023-27538

Date: 2023-03-16 18:05:13.505499+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/curl/7.85.0-1ubuntu0.5