[Git][security-tracker-team/security-tracker][master] Add upstream references for CVE-2023-2391{4,5,6}/curl and update status

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 15 08:31:27 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9695dcfe by Salvatore Bonaccorso at 2023-02-15T09:31:12+01:00
Add upstream references for CVE-2023-2391{4,5,6}/curl and update status

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5151,16 +5151,24 @@ CVE-2023-23916 [curl: HTTP multi-header compression denial of service]
 	RESERVED
 	- curl <unfixed>
 	NOTE: https://curl.se/docs/CVE-2023-23916.html
+	NOTE: Introduced by: https://github.com/curl/curl/commit/dbcced8e32b50c068ac297106f0502ee200a1ebd (curl-7_57_0)
+	NOTE: Fixed by: https://github.com/curl/curl/commit/119fb187192a9ea13dc90d9d20c215fc82799ab9 (curl-7_88_0)
 CVE-2023-23915 [curl: HSTS amnesia with --parallel]
 	RESERVED
 	- curl <unfixed>
 	[bullseye] - curl <ignored> (curl is not built with HSTS support)
+	[buster] - curl <not-affected> (Vulnerable code introduced later)
 	NOTE: https://curl.se/docs/CVE-2023-23915.html
+	NOTE: Introduced by: https://github.com/curl/curl/commit/7385610d0c74c6a254fea5e4cd6e1d559d848c8c (curl-7_74_0)
+	NOTE: https://github.com/curl/curl/pull/10138
 CVE-2023-23914 [curl: HSTS ignored on multiple requests]
 	RESERVED
 	- curl <unfixed>
 	[bullseye] - curl <ignored> (curl is not built with HSTS support)
+	[buster] - curl <not-affected> (Vulnerable code introduced later)
 	NOTE: https://curl.se/docs/CVE-2023-23914.html
+	NOTE: Introduced by: https://github.com/curl/curl/commit/7385610d0c74c6a254fea5e4cd6e1d559d848c8c (curl-7_74_0)
+	NOTE: https://github.com/curl/curl/pull/10138
 CVE-2023-23913
 	RESERVED
 CVE-2023-23912 (A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earli ...)
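Review bot: In the CVE-2023-23915 and CVE-2023-23914 entries, the added line "NOTE: https://github.com/curl/curl/pull/10138" has no label, so a reader cannot tell whether the pull request is the fix, the report or background. The CVE-2023-23916 entry in the same hunk spells out "Fixed by:" with a commit and release tag. Suggest prefixing the pull-request note with its role, and adding a "Fixed by:" commit line with its tag for both HSTS entries once the commit is identified. Separately, the CVE-2023-23916 entry now records an introducing release (curl-7_57_0) but, unlike the two HSTS entries, has no [buster] or [bullseye] line, so it would help to state whether per-suite triage for it is still pending.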



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9695dcfec9e351f9c5483525b2205364a1f3a46b
