On Wed, Jun 15, 2022 at 11:47 PM Ruelo, Christine M. L. <
christine.m.l.ru...@accenture.com> wrote:

> Hello libcurl4,curl Maintainers,
>
>
>
> Good day. We have used the libcurl4,curl package and performed a security
> scan using Palo Alto Network – Prisma Cloud and these vulnerabilities below
> are reported.
>

Hi,
not sure which Ubuntu releases you scanned but all these were handled and
fixed quite a while ago.
To help you find that information yourself for this and any other cases let
me point you to USN [1].

There you can enter your CVE numbers and will find which release was
affected and in which package versions it got fixed.
If you want to do such checks automatically there is also OVAL data [2].

If your scanners still report the issue you'll need to check that in
detail, but from my personal experience in 9 out of 10 cases the problem is
that they only perform "if version > X" which doesn't always work well for
fixes backported to versions that are in Distributions (for example
libcurl3-gnutls - 7.74.0-1ubuntu2 becomes libcurl3-gnutls -
7.74.0-1ubuntu2.1 due to the fix - but the scanner might just check > 7.75).

[1]: https://ubuntu.com/security/notices
[2]: https://ubuntu.com/security/oval


> We would like to report it and let us know once the fix is available so we
> can update accordingly.
>
>
>
> CVE-2021-22898
>
> CVE-2021-22947
>
> CVE-2021-22946
>
> CVE-2021-22945
>
> CVE-2021-22924
>
>
>
> Thank you
>
>
>
> Regards,
>
> CHRISTINE MAE RUELO
>
> ATCP | Data + AI
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>


-- 
Christian Ehrhardt
Staff Engineer, Ubuntu Server
Canonical Ltd