Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd554c7b by Salvatore Bonaccorso at 2022-12-28T07:02:24+01:00
Mark CVE-2022-42916 and CVE-2022-43551 as ignored

Rationale: If HSTS support had been disabled in all suites, we
could use unimportant severity. As we track issues at source level and
HSTS support is enabled by default since 7.77, mark the issues as ignored
(as the issue is present). Not-affected would imply that the issue is
not present at source level.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16784,8 +16784,8 @@ CVE-2022-43552 [HTTP Proxy deny use-after-free]
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/4f20188ac644afe174be6005ef4f6ffba232b8b2 
(curl-7_87_0)
 CVE-2022-43551 (A vulnerability exists in curl <7.87.0 HSTS check that 
could be byp ...)
        - curl 7.86.0-3 (bug #1026829)
-       [bullseye] - curl <not-affected> (curl is not built with HSTS support)
-       [buster] - curl <not-affected> (curl is not built with HSTS support)
+       [bullseye] - curl <ignored> (curl is not built with HSTS support)
+       [buster] - curl <ignored> (curl is not built with HSTS support)
        NOTE: https://curl.se/docs/CVE-2022-43551.html
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/7385610d0c74c6a254fea5e4cd6e1d559d848c8c 
(curl-7_74_0)
        NOTE: Enabled by default since: 
https://github.com/curl/curl/commit/d71ff2b9db566b3f4b2eb29441c2df86715d4339 
(curl-7_77_0)
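
Review bot: The `[buster]` line is moved to `<ignored>` together with `[bullseye]`, but the NOTE in this entry says the HSTS code was introduced by 7385610d (curl-7_74_0). The commit's own rationale is that `<not-affected>` means the issue is absent at source level, so if the curl source in buster predates 7.74.0, `<not-affected>` would still be the accurate state there, with a reason such as "vulnerable code introduced later". Please confirm the buster source version against the "Introduced by" tag before changing both suites in lockstep.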
@@ -18668,8 +18668,8 @@ CVE-2022-42917
        RESERVED
 CVE-2022-42916 (In curl before 7.86.0, the HSTS check could be bypassed to 
trick it in ...)
        - curl 7.86.0-1
-       [bullseye] - curl <not-affected> (curl is not built with HSTS support)
-       [buster] - curl <not-affected> (curl is not built with HSTS support)
+       [bullseye] - curl <ignored> (curl is not built with HSTS support)
+       [buster] - curl <ignored> (curl is not built with HSTS support)
        NOTE: https://curl.se/docs/CVE-2022-42916.html
        NOTE: Introduced with: 
https://github.com/curl/curl/commit/7385610d0c74c6a254fea5e4cd6e1d559d848c8c 
(curl-7_74_0)
        NOTE: Enabled by default since: 
https://github.com/curl/curl/commit/d71ff2b9db566b3f4b2eb29441c2df86715d4339 
(curl-7_77_0)
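
Review bot: The parenthetical on the two `<ignored>` lines is carried over unchanged from the `<not-affected>` lines, so the entry no longer says why the state differs. "(curl is not built with HSTS support)" reads as a not-affected justification, while the point of the change is that the code is present in the source but not compiled in. Consider a reason along the lines of "(vulnerable code present, but curl is not built with HSTS support)". As a style point, this entry uses "Introduced with:" where the CVE-2022-43551 entry uses "Introduced by:" for the same upstream commit; picking one wording keeps the NOTE lines easy to search.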



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd554c7b453a82352297b48f8acc5c3a617e87d2
