[ubuntu/lunar-proposed] curl 7.86.0-1 (Accepted)
Gianfranco Costamagna
costamagnagianfranco at yahoo.it
Sat Nov 5 13:45:13 UTC 2022
curl (7.86.0-1) unstable; urgency=medium
* New upstream version 7.86.0
- Fix HSTS bypass via IDN:
curl's HSTS check could be bypassed to trick it to keep using HTTP.
(closes: CVE-2022-42916)
- Fix HTTP proxy double-free (closes: CVE-2022-42915)
- Fix .netrc parser out-of-bounds access (closes: CVE-2022-35260)
- Fix POST following PUT confusion (closes: CVE-2022-32221)
Date: 2022-10-28 04:26:33.869302+00:00
Changed-By: Alessandro Ghedini <alessandro at ghedini.me>
Signed-By: Gianfranco Costamagna <costamagnagianfranco at yahoo.it>
https://launchpad.net/ubuntu/+source/curl/7.86.0-1
-------------- next part --------------
Sorry, changesfile not available.
More information about the lunar-changes
mailing list