[Git][security-tracker-team/security-tracker][master] Track fixed version for various curl issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 22 08:20:03 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
050180af by Salvatore Bonaccorso at 2023-03-22T09:19:34+01:00
Track fixed version for various curl issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3835,13 +3835,13 @@ CVE-2023-27539
NOTE: https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466
CVE-2023-27538 [SSH connection too eager reuse still]
RESERVED
- - curl <unfixed>
+ - curl 7.88.1-7
[bullseye] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-27538.html
NOTE: Fixed by: https://github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb (curl-8_0_0)
CVE-2023-27537 [HSTS double-free]
RESERVED
- - curl <unfixed>
+ - curl 7.88.1-7
[bullseye] - curl <not-affected> (Vulnerable code introduced later)
[buster] - curl <not-affected> (Vulnerable code introduced later)
NOTE: https://curl.se/docs/CVE-2023-27537.html
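Review bot: The new `- curl 7.88.1-7` lines for CVE-2023-27538 and CVE-2023-27537 record a version lower than the upstream release that the Fixed by notes tag (curl-8_0_0), which implies the Debian package carries the fix as a backported patch. Neither the entries nor the commit message says so. A short mention in the commit message that 7.88.1-7 includes the referenced upstream commits would stop a reader who compares version numbers from concluding that the entry is wrong.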
@@ -3849,28 +3849,28 @@ CVE-2023-27537 [HSTS double-free]
NOTE: Fixed by: https://github.com/curl/curl/commit/dca4cdf071be095bcdc7126eaa77a8946ea4790b (curl-8_0_0)
CVE-2023-27536 [GSS delegation too eager connection re-use]
RESERVED
- - curl <unfixed>
+ - curl 7.88.1-7
[bullseye] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-27536.html
NOTE: Introduced by: https://github.com/curl/curl/commit/ebf42c4be76df40ec6d3bf32f229bbb274e2c32f (curl-7_22_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/cb49e67303dbafbab1cebf4086e3ec15b7d56ee5 (curl-8_0_0)
CVE-2023-27535 [FTP too eager connection reuse]
RESERVED
- - curl <unfixed>
+ - curl 7.88.1-7
[bullseye] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-27535.html
NOTE: Introduced by: https://github.com/curl/curl/commit/177dbc7be07125582ddb7416dba7140b88ab9f62 (curl-7_13_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/8f4608468b890dce2dad9f91d5607ee7e9c1aba1 (curl-8_0_0)
CVE-2023-27534 [SFTP path ~ resolving discrepancy]
RESERVED
- - curl <unfixed>
+ - curl 7.88.1-7
[bullseye] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-27534.html
NOTE: Introduced by: https://github.com/curl/curl/commit/ba6f20a2442ab1ebfe947cff19a552f92114a29a (curl-7_18_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/4e2b52b5f7a3bf50a0f1494155717b02cc1df6d6 (curl-8_0_0)
CVE-2023-27533 [TELNET option IAC injection]
RESERVED
- - curl <unfixed>
+ - curl 7.88.1-7
[bullseye] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-27533.html
NOTE: Introduced by: https://github.com/curl/curl/commit/a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4 (curl-7_7_alpha2)
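Review bot: The commit message "Track fixed version for various curl issues" does not name the entries changed here (CVE-2023-27536, CVE-2023-27535, CVE-2023-27534 and CVE-2023-27533), so the change cannot be found by searching the log for a CVE id. Listing the ids in the message body would fix that. The `[bullseye] - curl <no-dsa> (Minor issue)` lines under each entry are left as they were, which is consistent with a fix that only landed in the unstable upload.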
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/050180afd94f49a87b0fe169acb20df1fe428ab7