CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2023/03/20 10:35:16
Modified files:
net/curl : Makefile distinfo
Log message:
net/curl: security update to 8.0.1
The version jump is due to curl's 25-year anniversary. Otherwise
this is an ordinary bug fix release.
Includes fixes for
CVE-2023-27533: TELNET option IAC injection
CVE-2023-27534: SFTP path ~ resolving discrepancy
CVE-2023-27535: FTP too eager connection reuse
CVE-2023-27536: GSS delegation too eager connection re-use
CVE-2023-27537: HSTS double-free
CVE-2023-27538: SSH connection too eager reuse still
Some of those affect protocols not enabled in the port.
