[Git][security-tracker-team/security-tracker][master] Add CVE-2022-32221/curl

Wed Oct 26 15:58:04 BST 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
04fb7653 by Salvatore Bonaccorso at 2022-10-26T16:57:35+02:00
Add CVE-2022-32221/curl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30021,8 +30021,12 @@ CVE-2022-32222 (A cryptographic vulnerability exists on Node.js on linux in vers
 	- nodejs <not-affected> (Specific to Node 18 and nodejs-distributed binaries)
 	NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#attempt-to-read-openssl-cnf-from-home-iojs-build-upon-startup-medium-cve-2022-32222
 	NOTE: https://github.com/nodejs/node/commit/a5fc2deb43f85dc2195a1fe1683b9c2e7443b001
-CVE-2022-32221
+CVE-2022-32221 [POST following PUT confusion]
 	RESERVED
+	- curl <unfixed>
+	NOTE: https://curl.se/docs/CVE-2022-32221.html
+	NOTE: https://github.com/curl/curl/issues/9507
+	NOTE: Fixed by: https://github.com/curl/curl/commit/a64e3e59938abd7d667e4470a18072a24d7e9de9 (curl-7_86_0)
 CVE-2022-32220 (An information disclosure vulnerability exists in Rocket.Chat <v5 d ...)
 	NOT-FOR-US: Rockert.Chat
 CVE-2022-32219 (An information disclosure vulnerability exists in Rocket.Chat <v4.7 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04fb76530947ba81583f56b4efbb11d2da319294

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04fb76530947ba81583f56b4efbb11d2da319294
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221026/97575cb9/attachment.htm>
