

(-)b/security/vuxml/vuln/2023.xml (-1 / +38 lines)
Lines 1-3 Link Here
1
  <vuln vid="a4f8bb03-f52f-11ed-9859-080027083a05">
2
	<topic>curl -- multiple vulnerabilities</topic>
3
    <affects>
4
      <package>
5
	<name>curl</name>
6
	<range><lt>8.1.0</lt></range>
7
      </package>
8
    </affects>
9
    <description>
10
      <body xmlns="http://www.w3.org/1999/xhtml">
11
	<p>Wei Chong Tan, Harry Sintonen, and Hiroki Kurosawa reports:</p>
12
	<blockquote cite="https://curl.se/docs/security.html">
13
		<p>This update fixes 4 security vulnerabilities:</p>
14
		<ul>
15
			<li>Medium CVE-2023-28319: UAF in SSH sha256 fingerprint check. Reported by Wei Chong Tan on 2023-03-21</li>
16
			<li>Low CVE-2023-28320: siglongjmp race condition. Reported by Harry Sintonen on 2023-04-02</li>
17
			<li>Low CVE-2023-28321: IDN wildcard match. Reported by Hiroki Kurosawa on 2023-04-17</li>
18
			<li>Low CVE-2023-28322: more POST-after-PUT confusion. Reported by Hiroki Kurosawa on 2023-04-19</li>
19
		</ul>
20
	</blockquote>
21
      </body>
22
    </description>
23
    <references>
24
      <cvename>CVE-2023-28319</cvename>
25
	  <url>https://curl.se/docs/CVE-2023-28319.html</url>
26
	  <cvename>CVE-2023-28320</cvename>
27
	  <url>https://curl.se/docs/CVE-2023-28320.html</url>
28
	  <cvename>CVE-2023-28321</cvename>
29
	  <url>https://curl.se/docs/CVE-2023-28321.html</url>
30
	  <cvename>CVE-2023-28322</cvename>
31
	  <url>https://curl.se/docs/CVE-2023-28322.html</url>
32
    </references>
33
    <dates>
34
      <discovery>2023-03-21</discovery>
35
      <entry>2023-05-18</entry>
36
    </dates>
37
  </vuln>
38
1
  <vuln vid="b09d77d0-b27c-48ae-b69b-9641bb68b39e">
39
  <vuln vid="b09d77d0-b27c-48ae-b69b-9641bb68b39e">
2
    <topic>electron -- vulnerability</topic>
40
    <topic>electron -- vulnerability</topic>
3
    <affects>
41
    <affects>
4
- 
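Review bot: As rendered here, the new curl entry's indentation does not match the electron entry below it: `<topic>` is indented with a tab where the existing entry uses four spaces, the `<cvename>`/`<url>` lines after the first `<cvename>` sit deeper than it does, and the blockquote body is indented with two tabs. Re-indenting to the file's layout, e.g. `    <topic>curl -- multiple vulnerabilities</topic>` and `      <url>https://curl.se/docs/CVE-2023-28319.html</url>` at the same depth as the first `<cvename>`, keeps the entry consistent with its neighbours. The attribution line names three reporters, so it should read `<p>Wei Chong Tan, Harry Sintonen, and Hiroki Kurosawa report:</p>`. The `cite` attribute points at the general security.html index while the quoted text reads like a release summary; if that text was assembled from the four per-CVE advisories rather than copied from one page, cite the actual source or move the summary out of the `<blockquote>`, so that readers checking the advisory can find the quoted wording.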
