[Git][security-tracker-team/security-tracker][master] Track fixed version for curl via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 9 07:36:26 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9c01d675 by Salvatore Bonaccorso at 2021-11-09T08:35:53+01:00
Track fixed version for curl via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -52031,20 +52031,20 @@ CVE-2021-22948 (Vulnerability in the generation of session IDs in revive-adserve
NOT-FOR-US: revive-adserver
CVE-2021-22947 (When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 se ...)
{DLA-2773-1}
- - curl <unfixed>
+ - curl 7.79.1-1
[bullseye] - curl <no-dsa> (Minor issue)
[buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2021-22947.html
NOTE: Fixed by: https://github.com/curl/curl/commit/8ef147c43646e91fdaad5d0e7b60351f842e5c68 (curl-7_79_0)
CVE-2021-22946 (A user can tell curl >= 7.20.0 and <= 7.78.0 to require a succes ...)
{DLA-2773-1}
- - curl <unfixed>
+ - curl 7.79.1-1
[bullseye] - curl <no-dsa> (Minor issue)
[buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2021-22946.html
NOTE: Fixed by: https://github.com/curl/curl/commit/364f174724ef115c63d5e5dc1d3342c8a43b1cca (curl-7_79_0)
CVE-2021-22945 (When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 c ...)
- - curl <unfixed>
+ - curl 7.79.1-1
[bullseye] - curl <no-dsa> (Minor issue)
[buster] - curl <not-affected> (Vulnerable code introduced later)
[stretch] - curl <not-affected> (Vulnerable code introduced later)
@@ -52116,7 +52116,7 @@ CVE-2021-22925 (curl supports the `-t` command line option, known as `CURLOPT_TE
NOTE: insufficient and the security vulnerability remained.
CVE-2021-22924 (libcurl keeps previously used connections in a connection pool for sub ...)
{DLA-2734-1}
- - curl <unfixed> (bug #991492)
+ - curl 7.79.1-1 (bug #991492)
[bullseye] - curl <no-dsa> (Minor issue)
[buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2021-22924.html
@@ -52202,7 +52202,7 @@ CVE-2021-22899 (A command injection vulnerability exists in Pulse Connect Secure
NOT-FOR-US: Pulse Connect Secure
CVE-2021-22898 (curl 7.7 through 7.76.1 suffers from an information disclosure when th ...)
{DLA-2734-1}
- - curl <unfixed> (bug #989228)
+ - curl 7.79.1-1 (bug #989228)
[bullseye] - curl <no-dsa> (Minor issue)
[buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2021-22898.html
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c01d6757a72c6572677e0ec694288302f8bf107
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c01d6757a72c6572677e0ec694288302f8bf107
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211109/303d2b05/attachment.htm>
More information about the debian-security-tracker-commits
mailing list