Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9c01d675 by Salvatore Bonaccorso at 2021-11-09T08:35:53+01:00
Track fixed version for curl via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -52031,20 +52031,20 @@ CVE-2021-22948 (Vulnerability in the generation of
session IDs in revive-adserve
NOT-FOR-US: revive-adserver
CVE-2021-22947 (When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or
POP3 se ...)
{DLA-2773-1}
- - curl <unfixed>
+ - curl 7.79.1-1
[bullseye] - curl <no-dsa> (Minor issue)
[buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2021-22947.html
NOTE: Fixed by:
https://github.com/curl/curl/commit/8ef147c43646e91fdaad5d0e7b60351f842e5c68
(curl-7_79_0)
CVE-2021-22946 (A user can tell curl >= 7.20.0 and <= 7.78.0 to require
a succes ...)
{DLA-2773-1}
- - curl <unfixed>
+ - curl 7.79.1-1
[bullseye] - curl <no-dsa> (Minor issue)
[buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2021-22946.html
NOTE: Fixed by:
https://github.com/curl/curl/commit/364f174724ef115c63d5e5dc1d3342c8a43b1cca
(curl-7_79_0)
CVE-2021-22945 (When sending data to an MQTT server, libcurl <= 7.73.0 and
7.78.0 c ...)
- - curl <unfixed>
+ - curl 7.79.1-1
[bullseye] - curl <no-dsa> (Minor issue)
[buster] - curl <not-affected> (Vulnerable code introduced later)
[stretch] - curl <not-affected> (Vulnerable code introduced later)
@@ -52116,7 +52116,7 @@ CVE-2021-22925 (curl supports the `-t` command line
option, known as `CURLOPT_TE
NOTE: insufficient and the security vulnerability remained.
CVE-2021-22924 (libcurl keeps previously used connections in a connection pool
for sub ...)
{DLA-2734-1}
- - curl <unfixed> (bug #991492)
+ - curl 7.79.1-1 (bug #991492)
[bullseye] - curl <no-dsa> (Minor issue)
[buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2021-22924.html
@@ -52202,7 +52202,7 @@ CVE-2021-22899 (A command injection vulnerability
exists in Pulse Connect Secure
NOT-FOR-US: Pulse Connect Secure
CVE-2021-22898 (curl 7.7 through 7.76.1 suffers from an information disclosure
when th ...)
{DLA-2734-1}
- - curl <unfixed> (bug #989228)
+ - curl 7.79.1-1 (bug #989228)
[bullseye] - curl <no-dsa> (Minor issue)
[buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2021-22898.html
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c01d6757a72c6572677e0ec694288302f8bf107
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c01d6757a72c6572677e0ec694288302f8bf107
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
