[Git][security-tracker-team/security-tracker][master] Add upstream references for CVE-2023-2391{4,5,6}/curl and update status
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 15 08:31:27 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9695dcfe by Salvatore Bonaccorso at 2023-02-15T09:31:12+01:00
Add upstream references for CVE-2023-2391{4,5,6}/curl and update status
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5151,16 +5151,24 @@ CVE-2023-23916 [curl: HTTP multi-header compression denial of service]
RESERVED
- curl <unfixed>
NOTE: https://curl.se/docs/CVE-2023-23916.html
+ NOTE: Introduced by: https://github.com/curl/curl/commit/dbcced8e32b50c068ac297106f0502ee200a1ebd (curl-7_57_0)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/119fb187192a9ea13dc90d9d20c215fc82799ab9 (curl-7_88_0)
CVE-2023-23915 [curl: HSTS amnesia with --parallel]
RESERVED
- curl <unfixed>
[bullseye] - curl <ignored> (curl is not built with HSTS support)
+ [buster] - curl <not-affected> (Vulnerable code introduced later)
NOTE: https://curl.se/docs/CVE-2023-23915.html
+ NOTE: Introduced by: https://github.com/curl/curl/commit/7385610d0c74c6a254fea5e4cd6e1d559d848c8c (curl-7_74_0)
+ NOTE: https://github.com/curl/curl/pull/10138
CVE-2023-23914 [curl: HSTS ignored on multiple requests]
RESERVED
- curl <unfixed>
[bullseye] - curl <ignored> (curl is not built with HSTS support)
+ [buster] - curl <not-affected> (Vulnerable code introduced later)
NOTE: https://curl.se/docs/CVE-2023-23914.html
+ NOTE: Introduced by: https://github.com/curl/curl/commit/7385610d0c74c6a254fea5e4cd6e1d559d848c8c (curl-7_74_0)
+ NOTE: https://github.com/curl/curl/pull/10138
CVE-2023-23913
RESERVED
CVE-2023-23912 (A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earli ...)
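Review bot: The https://github.com/curl/curl/pull/10138 NOTE lines added to the CVE-2023-23915 and CVE-2023-23914 entries carry no label, whereas the CVE-2023-23916 entry records its fix as "Fixed by:" with a commit URL and release tag (curl-7_88_0). If that pull request is the fix for the two HSTS issues, label it accordingly and reference the merged commit(s) with their tag, so the fixed upstream version can be read from each entry the same way. Separately, the message says "update status", but all three entries keep "- curl <unfixed>" and the only status change in the hunk is the two new "[buster] - curl <not-affected>" lines. Naming the buster triage in the commit message would make the change easier to find later.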
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9695dcfec9e351f9c5483525b2205364a1f3a46b