Bug#1036300: Fwd: bullseye-pu: package curl/7.74.0-1.3+deb11u8

Jonathan Wiltshire Sun, 25 Jun 2023 11:03:22 -0700

Control: tag -1 confirmed

On Fri, May 19, 2023 at 12:11:17AM +0100, Samuel Henrique wrote:
> [ Reason ]
> * Backport upstream patches to fix 5 CVEs:
>   - CVE-2023-27533: TELNET option IAC injection
>   - CVE-2023-27534: SFTP path ~ resolving discrepancy
>   - CVE-2023-27535: FTP too eager connection reuse
>   - CVE-2023-27536: GSS delegation too eager connection re-use
>   - CVE-2023-27538: SSH connection too eager reuse still
> * d/p/add_Curl_timestrcmp.patch: New patch to backport Curl_timestrcmp(),
>   required for CVE-2023-27535.


Please go ahead.

Thanks,


-- 
Jonathan Wiltshire                                      j...@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Bug#1036300: Fwd: bullseye-pu: package curl/7.74.0-1.3+deb11u8

Reply via email to