[Git][security-tracker-team/security-tracker][master] Track fixed version for curl via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 9 07:36:26 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c01d675 by Salvatore Bonaccorso at 2021-11-09T08:35:53+01:00
Track fixed version for curl via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -52031,20 +52031,20 @@ CVE-2021-22948 (Vulnerability in the generation of session IDs in revive-adserve
 	NOT-FOR-US: revive-adserver
 CVE-2021-22947 (When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 se ...)
 	{DLA-2773-1}
-	- curl <unfixed>
+	- curl 7.79.1-1
 	[bullseye] - curl <no-dsa> (Minor issue)
 	[buster] - curl <no-dsa> (Minor issue)
 	NOTE: https://curl.se/docs/CVE-2021-22947.html
 	NOTE: Fixed by: https://github.com/curl/curl/commit/8ef147c43646e91fdaad5d0e7b60351f842e5c68 (curl-7_79_0)
 CVE-2021-22946 (A user can tell curl >= 7.20.0 and <= 7.78.0 to require a succes ...)
 	{DLA-2773-1}
-	- curl <unfixed>
+	- curl 7.79.1-1
 	[bullseye] - curl <no-dsa> (Minor issue)
 	[buster] - curl <no-dsa> (Minor issue)
 	NOTE: https://curl.se/docs/CVE-2021-22946.html
 	NOTE: Fixed by: https://github.com/curl/curl/commit/364f174724ef115c63d5e5dc1d3342c8a43b1cca (curl-7_79_0)
 CVE-2021-22945 (When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 c ...)
-	- curl <unfixed>
+	- curl 7.79.1-1
 	[bullseye] - curl <no-dsa> (Minor issue)
 	[buster] - curl <not-affected> (Vulnerable code introduced later)
 	[stretch] - curl <not-affected> (Vulnerable code introduced later)
@@ -52116,7 +52116,7 @@ CVE-2021-22925 (curl supports the `-t` command line option, known as `CURLOPT_TE
 	NOTE: insufficient and the security vulnerability remained.
 CVE-2021-22924 (libcurl keeps previously used connections in a connection pool for sub ...)
 	{DLA-2734-1}
-	- curl <unfixed> (bug #991492)
+	- curl 7.79.1-1 (bug #991492)
 	[bullseye] - curl <no-dsa> (Minor issue)
 	[buster] - curl <no-dsa> (Minor issue)
 	NOTE: https://curl.se/docs/CVE-2021-22924.html
@@ -52202,7 +52202,7 @@ CVE-2021-22899 (A command injection vulnerability exists in Pulse Connect Secure
 	NOT-FOR-US: Pulse Connect Secure
 CVE-2021-22898 (curl 7.7 through 7.76.1 suffers from an information disclosure when th ...)
 	{DLA-2734-1}
-	- curl <unfixed> (bug #989228)
+	- curl 7.79.1-1 (bug #989228)
 	[bullseye] - curl <no-dsa> (Minor issue)
 	[buster] - curl <no-dsa> (Minor issue)
 	NOTE: https://curl.se/docs/CVE-2021-22898.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c01d6757a72c6572677e0ec694288302f8bf107

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c01d6757a72c6572677e0ec694288302f8bf107
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211109/303d2b05/attachment.htm>


More information about the debian-security-tracker-commits mailing list